A few years ago, the Defense Department drafted a legislative proposal to get rid of principal cyber advisor positions across all services.

While this idea didn’t make it out of the Pentagon, three-plus years later, Chris Cleary, the former principal cyber advisor for the Department of the Navy, said that was a good thing.

Cleary, who left government recently and joined ManTech as its vice president of its global cyber practice, said the impact of the principal cyber advisor in the Navy is clear and lasting.

“This is challenging because all the services in the very, very beginning wanted to get rid of the principal cyber advisors. There was a legislative proposition that was trying to be submitted and Congress came over the top and said, ‘No, you’re going to do this,” Cleary said during an “exit” interview on Ask the CIO. “So year one in the job, I make the joke, I was just trying to avoid getting smothered by a pillow because no one wanted this position especially after we just stood up the re-empowered CIO office so what’s a PCA? And what’s this person going to do for the organization? I was very attuned to that and ready that if the decision is to push back on this creation, and maybe do away with the PCA job, I was just going to go back to being a chief information security officer. I was being a good sailor and focused on whatever are the best needs of the Navy. I was prepared to do that.”

The move to get rid of the principal cyber advisors never came to fruition and, instead, the Navy, and likely other military services, now see the value in the position.

Cyber advisor wields budget influence

Cleary said one way the principal cyber advisor continues to provide value is around budgeting for cybersecurity. He said each year his office submits a letter on the “budget adequacy” to the Defense Department’s planning process, called the Program Objective Memorandum (POM).

“I found that the PCA office really became the champion for advocating and supporting programs like More Situational Awareness for Industrial Control Systems (MOSAICS), which was a thing we were doing for operational technology systems ashore, and another product called Situational Awareness, Boundary Enforcement and Response (SABER), which was its cousin and for OT stuff afloat,” he said. “What you found is both of those programs are being championed by hardworking, honest Navy employees that just couldn’t break squelch to get a properly resourced or funded or programmed for. The PCA was able to champion these things within the E-Ring of the Pentagon. Things like MOSAICS, as an example, I am very proud of, we worked very closely with the Assistant Secretary of the Navy for Energy, Installations and Environment, Meredith Berger. She very quickly recognized the problem, most of this fell kind of within her sphere of influence as the person responsible for resourcing all of the Navy’s infrastructure. She very quickly embraced it, adopted it and hired an individual within the organization to look at this specifically.”

Cleary said over the course of the next few years, he worked with Berger’s team as well as other cyber experts in the Navy and across DoD to do deep dives into how to secure OT.

When the Defense Department rolled out its zero trust strategy in November 2022, the services faced more challenges around operational technology than typical IT. Cleary said the PCA helped the Navy better understand the OT stack was more complex and the tools used for IT wouldn’t necessarily work.

“The further you get down closer to an actual device or controller you can’t just roll a firewall out against that,” he said. “They have their own vulnerabilities and risks associated with them. But they’re things that we haven’t traditionally looked at when you when I’m talking about OT, like weapon systems, defense, critical infrastructure, these massive foundation of things that not only enable what we do from an enterprise IT standpoint,  but we’ve got to keep the lights on and the water flowing, and the Aegis weapon system has lots of computers with it, but that isn’t an enterprise IT system so who’s looking at those, who’s resourcing those, it’s only been the last decade or so that we’ve seen a lot of these is legitimate target areas.”

Champion of attention, resources

Cleary said his office helped get the Navy to spend more money and resources on protecting operational technology because it wasn’t always a top priority.

The OT example, Cleary said, is exactly why Congress created the PCA.

“We didn’t do any of the work to create these things. We just champion them appropriately and ensure they got the attention they deserved. And then ultimately, the resourcing required so they can be successful,” he said.

Cleary said it was clear that after three-plus years as the principal cyber advisor for the Navy, the benefits outweighed any concerns.

He said with the cyber world becoming more convoluted and complex, the position helps connect dots that were previously difficult to bring together.

“I think Congress would come and ask a question and they would get 10 different answers from 10 different people. I’m not saying we got there. But the idea of the PCA was to get those 10 different answers from 10 different people and then try to consolidate that answer into something that made sense that we could agree upon and present that answer back to Congress,” he said. “I’m not going to say we fully succeeded there because there are a lot of ways around the PCA and the PCA offices, but I think as the offices get more and more established, organizations like Fleet Cyber Command for the Navy, the Naval Information Forces and others were seeing the benefit of the PCA’s job to be the middleman and deal with the back and forth.”

Continue to create trust

Cleary said toward the end of his tenure, these and other offices, including the Marines cyber office, started to work even more closely with his office on these wide-ranging cyber challenges. He said the principal cyber advisor was slowly, but surely becoming the trusted cyber advisor initially imagined.

“I use the analogy of a fishing line, when you start pulling out a fishing line and you’re not sure what the weight of the fishing line is, but if you break the line, it’s over. So the trick was to pull on it with just the right amount of tension without risking or breaking it,” he said. “I knew the PCA office was something new and if the relationships with those organizations became tenuous, or were cut off because of the PCA coming in and say, ‘Hey, you shall do this or that,’ it wasn’t going to work. The way I envisioned the role of PCA was not to tell anybody inside the organization how to operationalize their own environments. My whole job was to go to them and understand what it is they needed, based on their experience and their expertise, and then get them that. The more that I could be seen as a value and not here to check their homework and poke them in the eye about their readiness, the more successful I’d be.”

Cleary said for the principal cyber advisor to continue to be successful, they have to continue to establish trust, understand their role is personality driven and focus on getting the commands the money and resources they need to continue to improve their cyber readiness.

The post Why the principal cyber advisor ended up being a good thing first appeared on Federal News Network.

The National Institutes of Health’s BioData Catalyst cloud platform is only just starting to take off despite it being nearly six years old.

It already holds nearly four petabytes of data and is preparing for a major expansion later this year as part of NIH’s goal to democratize health research information.

Sweta Ladwa, the chief of the Scientific Solutions Delivery Branch at NIH, said the BioData Catalyst provides access to clinical and genomic data already and the agency wants to add imaging and other data types in the next few months.

“We’re really looking to provide a free and accessible resource to the research community to be able to really advance scientific outcomes and therapeutics, diagnostics to benefit the public health and outcomes of Americans and really people all over the world,” Ladwa said during a recent panel discussion sponsored by AFCEA Bethesda, an excerpt of which ran on Ask the CIO. “To do this, it takes a lot of different skills, expertise and different entities. It’s a partnership between a lot of different people to make this resource available to the community. We’re also part of the larger NIH data ecosystem. We participate with other NIH institutes and centers that provide cloud resources.”

Lawda said the expansion of new datasets to the BioData Catalyst platform means NIH also can provide new tools to help mine the information.

“For imaging data, for example, we want to be able to leverage or build in tooling that’s associated with machine learning because that’s what imaging researchers are primarily looking to do is they’re trying to process these images to gain insights. So tooling associated with machine learning, for example, is something we want to be part of the ecosystem which we’re actively actually working to incorporate,” she said. “A lot of tooling is associated with data types, but it also could be workflows, pipelines or applications that help the researchers really meet their use cases. And those use cases are all over the place because there’s just a wealth of data there. There’s so much that can be done.”

For NIH, the users in the research and academic communities are driving both the datasets and associated tools. Lawda said NIH is trying to make it easier for the communities to gain access.

NIH making cloud storage easier

That is why cloud services have been and will continue to play an integral role in this big data platform and others.

“The NIH in the Office of Data Science Strategy has been negotiating rates with cloud vendors, so that we can provide these cloud storage free of cost to the community and at a discounted rate to the institute. So even if folks are using the services for computational purposes, they’re able to actually leverage and take benefit from the discounts that have been negotiated by the NIH with these cloud vendors,” she said. “We’re really happy to be working with multi-cloud vendors to be able to pass some savings on to really advanced science. We’re really looking to continue that effort and expand the capabilities with some of the newer technologies that have been buzzing this year, like generative artificial intelligence and things like that, and really provide those resources back to the community to advance the science.”

Like NIH, the Centers for Medicare and Medicaid Services is spending a lot of time thinking about its data and how to make it more useful for its customers.

In CMS’s case, however, the data is around the federal healthcare marketplace and the tools to make citizens and agency employees more knowledgeable.

Kate Wetherby, the acting director for the Marketplace Innovation and Technology Group at CMS, said the agency is reviewing all of its data sources and data streams to better understand what they have and make their websites and the user experience all work better.

“We use that for performance analytics to make sure that while we are doing open enrollment and while we’re doing insurance for people, that our systems are up and running and that there’s access,” she said. “The other thing is that we spend a lot of time using Google Analytics, using different types of testing fields, to make sure that the way that we’re asking questions or how we’re getting information from people makes a ton of sense.”

Wetherby said her office works closely with both the business and policy offices to bring the data together and ensure its valuable.

“Really the problem is if you’re not really understanding it at the point of time that you’re getting it, in 10 years from now you’re going to be like, ‘why do I have this data?’ So it’s really being thoughtful about the data at the beginning, and then spending the time year-over-year to see if it’s something you should still be holding or not,” she said.

Understanding the business, policy and technical aspects of the data becomes more important for CMS as it moves more into AI, including generative AI, chatbots and other tools.

CMS creating a data lake

Wetherby said CMS must understand their data first before applying these tools.

“We have to understand why we’re asking those questions. What is the relationship between all of that data, and how we can we improve? What does the length of data look like because we have some data that’s a little older and you’ve got to look at that and be like, does that really fit into the use cases and where we want to go with the future work?” she said. “We’ve spent a lot of time, at CMS as a whole, really thinking about our data, and how we’re curating the data, how we know what that’s used for because we all know data can be manipulated in any way that you want. We want it to be really clear. We want it to be really usable. Because when we start talking in the future, and we talk about generative AI, we talk about chatbots or we talk about predictive analytics, it is so easy for a computer if the data is not right, or if the questions aren’t right, to really not get the outcome that you’re looking for.”

Wetherby added another key part of getting data right is for the user’s experience and how CMS can share that data across the government.

In the buildup to using GenAI and other tools, CMS is creating a data lake to pull information from different centers and offices across the agency.

Wetherby said this way the agency can place the right governance and security around the data since it crosses several types including clinical and claims information.

The post NIH, CMS finding a path to better data management first appeared on Federal News Network.

A year after a scathing report from the Defense Business Board found general unhappiness with the user experience with technology across the Defense Department, the chief information officer’s office is taking a simple approach to fix the computers.

A big part of this effort came earlier this year when DoD’s CIO created a customer experience office, led by Savanrith Kong, who now serves as the senior advisor for the user experience (UX) portfolio management office (PfMO).

Leslie Beavers, the principal deputy CIO for DoD, said the overarching philosophy behind this improved CX approach is putting the user and their mission first.

“I always lead off with, it’s got to be functional first. If it’s so secure that we can’t connect, we’re going to go around it and that’s not good,” Beavers said on Ask the CIO. “We have to be able to scale it. That’s the other big challenge that we have in the department. Not just internally, but we have to be able to scale to international allies and partners into the commercial world.  Then the third piece is we have to be secure, and in this case, it’s with the zero trust. It’s tagging the people, tagging the data and doing the audit so that we know what’s happening and we can identify intrusions.”

The DoD CIO’s office got the message multiple times about function over form when it comes to why the user’s experience is so important.

The first time happened in the “fix my computer” post by Michael Kanaan, the director of operations for the Air Force – MIT Artificial Intelligence Accelerator in June 2022 that went viral.

The second moment of truth came from the Defense Business Board in February 2023. The DBB released survey results showing 80% of survey respondents rating their user experience as average or below average. Out of about 20,000 respondents, 48% rated their experience as “worst,” and 32% fell into the category of average.

Over the last year, the DoD CIO’s office has been addressing both process and technology.

DoD’s holistic perspective

DoD CIO John Sherman said last summer that the idea is to bring some standardization to the refresh cycle across all of the military and ensure user experience is a part of every technology initiative.

Beavers said now that Kang is on board, he is shaping DoD’s user experience effort.

“We’re looking at it from a holistic perspective because user experience is more than just having the latest equipment. It is all around the functionality and in the department, it’s different than in the commercial world,” she said. “If you think about an F-35, it’s a flying interoperable networked computer with the pilot. So the user experience is from the warfighters’ perspective. But whether you’re sitting in an operations room or behind a desk or out in a plane or on a ship, does your IT and your communications equipment work together and can you stay secure? The department is also standing up a big effort to get after the IT for the warfighter.”

Through this initiative, Beavers said the challenges are much different, ranging from a huge install base to legacy technology not designed to be interoperable and a limited budget.

At same time, Beavers said there’s a lot of opportunity to make some improvements to the user experience.

“We should make a concerted effort to look at where our policies are standing in the way of the interoperability. Where do we need an engineering solution? And where do we need just a process change?” she said. “The department is really pretty good at buying big things over long periods of time and buying quick things and bringing them when there’s an imperative like a war. But it’s not ingrained as part of the standard operating procedure in the department as much as we would like so we’re working on building that piece out, to help bring in the new technology and also to improve the customer experience.”

DoD, VA collaboration

Beavers added DoD is using the Lean Six Sigma business process improvement approach to help sort through the potential changes and to better understand the broader impacts of process and policy revisions.

Some recent work with the Veterans Affairs Department is a customer experience win, Beavers said.

At the North Chicago Veterans Medical Center, VA and DoD staff have worked closely together for the past decade or more. But their systems and networks were separate and data sharing was basically non-existent.

She said in some cases, it would take around 36 mouse clicks to send an email between the DOD and the VA.

“We spent the last six months pivoting to Office 365 in the cloud and turning on some business functionality,” Beavers said. “This really was a cooperation problem where the security folks on both sides had to decide to configure the clouds the same way to enable that interoperability. We are rolling that out now to the people working in less than six months.”

The post DoD’s approach to fix its computers is function over form first appeared on Federal News Network.

CBP is recognizing not only the time and cost savings, and more importantly the safety to officers that small, unmanned aircraft can provide.

Quinn Palmer, the National Operations Director for small unmanned aircraft systems at CBP in the Homeland Security Department, said the use of drones has evolved across the agency’s mission sets.

“Small drones are really filling a critical niche between fixed surveillance systems and crewed aviation or manned aviation assets because of their range, because of their price point and the quick deploy ability,” Palmer said on Ask the CIO. “They can offer us surveillance over a much larger area on the border, like for search and rescue where we can cover broad swaths of territory very quickly. But another interesting piece of that is the nature of the drone, meaning its covertness, that’s been a hugely impactful component to how why drones are so valuable to us and to our agents in the field. What I mean by that is having the ability to surveil a target or a law enforcement situation covertly or silently allows our folks that situational awareness, that critical time element, to prepare more smartly to position themselves to make that initial engagement, which lends itself to officer safety, but also to the effectiveness of the law enforcement resolution.”

This type of impact is true across many CBP mission sets. From border surveillance and related missions to facility and tower inspections to creating training videos, using drones, for internal communications, the agency is using these unmanned small aircraft systems in more ways than ever imagined.

CBP flew 100,000 sorties in 2023

To that end, Palmer said CBP has grown its drone pilot crew to about 2,000 strong operating more than 330 systems from just half a dozen systems and 20 operators a about five years ago. It plans to grow to more than 500 assets and continue to train and hire operators in 2024.

“The response by the field, by the folks that are out there on the front line, are really engaging in and advocating for this capability in this technology. The leadership now see the value too,” Palmer said. “It’s always a trade off when you’ve got a workforce that’s stretched amongst many competing requirements and commitments, adding one more thing to do is something we’ve got to be very conscious about. It can be a distraction. It can be a negative to the labor cost of conducting a border security mission. But drones have not been that. It’s been a labor saving capability. We see an effect at the ground level, but not just in the price tag but in the time it takes to resolve law enforcement situations.”

In 2023, CBP flew about 20% of all of the direct air support missions for ground agents of the border patrol. From those flights came 48% of all apprehensions and seizures, Palmer said.

“We’re putting out about 25% of the output, but yielding about 50% of the outcome. That’s due to the proliferation of more drones being more places than manned aviation, but also the nature of the drone being covert and the effectiveness it lends its self to that interdiction aspect,” he said. “We apprehended about 42,000 folks crossing the border illegally. In fiscal 2020 through 2023, about 2,800 pounds of narcotics were seized, 95 vehicles seized and 13 weapons seized. That resulted from about 100,000 sorties about 50,000 hours flown.”

Sustainment plans for drones

All of those efforts in using drones instead of manned aviation in 2023 resulted in about $50 million in cost avoidance. Palmer said that money can be put back into mission and operational priorities helping the agency extend its limited budget.

“We’re actually benefiting not just from the cost savings associated with deploying drones versus some of these other more expensive surveillance capabilities. But we’re also benefiting because we’re able to control that interdiction much more efficiently, which translates into savings on the ground level because the labor costs associated with and the time associated with accomplishing that interdiction, and that resolution is minimized,” he said. “In many different ways, we found that drones are impacting and it’s not just from the budgetary standpoint, but they’re impacting the tactical advantage in the field.”

As with any new technology, CBP is learning how to manage the drones and educating the industry.

For example, the agency runs drones in austere environments whether cold, heat, dust or precipitation in a way that many manufacturers didn’t intend the systems to run in.

“We are using our equipment a lot compared to some of the other drone users in the United States. We’ve had industry partners say we never intended to fly this this much. We’re like, ‘well, don’t sell it to us,” Palmer joked.

Palmer said this means having a strict sustainment plan is more important than ever to keep the drones flying.

“This gentlemen at the National Transportation Safety Board (NTSB) told me this, and I’ll share it with you because I was thought it was very relevant. Drones are engineered to do very sophisticated things. But they’re engineered also at the same level as the toaster on your kitchen counter. So we do very intricate and very sophisticated things with drones, but they are consumable, for lack of better term,” he said. “We do have for our higher costing assets have sustainment plans and lifecycle plans associated to those acquisitions We do our due to our hard work to make sure that that that battery rotation and those kits are tracked and the motor arms and the propellers are replaced per manufacturer specifications. We’re doing all those kinds of things on the ground. But ultimately, small drone is should be considered as a consumable. They’re just not built to sustain.”

At the same time, Palmer said the marketplace is moving so fast that CBP or any organization could move to the next generation fairly quickly and inexpensively outweighing the cost of long-term sustainment plans.

The post Drones becoming central to a variety of CBP’s mission sets first appeared on Federal News Network.

When it comes to adopting secure artificial intelligence capabilities, the General Services Administration is doing all it can to make sure the government isn’t late to the game.

The draft Emerging Technology Framework from the cloud security program known as FedRAMP could be a key piece to that effort, especially if industry and agencies help drive the new approach.

Eric Mill, director of cloud strategy in the Technology Transformation Service in GSA, said the draft framework, for which comments are due March 11, is helping to ensure agencies get the expected benefits of using secure AI and large language models.

“This is strategically important for the program because what we’re doing here is FedRAMP is prioritizing its work around the strategic goals that the government has. It’s not just a first in, first out program. We are breaking a little bit of ground for the program,” Mill said on Ask the CIO. “It is that something we think is a good thing. As we engage in a prioritization process where FedRAMP is really important for what FedRAMP does, we have to make sure it’s well understood, that we are transparent to stakeholders, that it is fair and clear. That’s the foundation we’re trying to lay with this framework.”

GSA released the draft framework in late January as part of its effort to meet the requirements of the AI executive order President Joe Biden signed in October. In the document, GSA says it’s initially focused on emerging technology capabilities that use large language models (LLMs) and include chat interfaces, code-generation and debugging tools and prompt-based image generators.

Mill said the framework will help prioritize and manage the excitement around AI and LLMs.

“How do we strike the right balance? And, then, how do we operationalize that? How is it that we are prioritizing this thing in effect and that means having to come up with things like limits?” he said. “So part of what you see in the framework is the proposal that we stop at three. When we have three services that are based around chatbots, for example, using generative AI, and we’ve prioritized three of those things, we’re going to stop prioritizing that until we come back around and think again about what the priorities of FedRAMP should be. That is making sure that when we say prioritize, we’re actually prioritizing, and we’re not just focusing on AI as a program. FedRAMP is a program for the entire cloud market. But we want to be able to support this initiative so this is important strategically for figuring out how we answer those kinds of questions that are not at all totally AI specific.”

GSA to manage concerns over backlogs

That prioritization and limits to the number of cloud services is exactly why Mill said GSA is pushing vendors and others to comment on the draft framework.

He acknowledged the limitations, especially around AI, could cause some heartburn for vendors. FedRAMP already is seeing a lot of interest from vendors and agencies alike around AI and LLM services in the cloud.

“We definitely are seeing some services that are have already been in the marketplace that have added AI capabilities. We’re seeing things come in through the agency review process. We’re expecting that to go up,” Mill said. “We’re not responding to an abstract thing, but the things that we actually see coming in front of us.”

One of the big issues GSA still must address is what are the metrics or benchmarks it should use to determine if a technology fits into one of the three priority categories.

Mill said GSA is aware of possible backlogs building of vendors asking for their AI capability to go through the review process, and then that creating a bigger backlog for more typical cloud services.

“We very much are intent on making sure that the urgency that we see around accelerating the government’s use of emerging technologies doesn’t compete with those other things. That it doesn’t worsen the problem,” he said. “That is part of what we mean when we talk about the prioritization process and some of the limits associated. That’s how we’re ultimately going to make sure that the program stays responsive. We’re very engaged on short and long term structural changes to make sure that the program is operating at the pace that it should. We are treating speed as the security property that we know that cloud providers and agencies all believe in as well. That’s the spirit that you should see from us. And we’ll have a lot more to say later this year.”

More on tap for FedRAMP

Mill said he couldn’t speak to the timeline to get the version 1 of the framework out. He said he doesn’t expect GSA to sit on the comments and any updates from those comments for a long time. But, he said, it also will depend on what people say about the framework and how much GSA got correct already.

“I think we’re very much expecting for this to be an iterative process. This is not going to be the only bite at the apple for engaging with the FedRAMP team about this framework. Folks should feel absolutely feel free to reach out and suggest how we can do better on that,” he said. “We did put we put a lot of effort into that [blog] post to sharpen those questions. We absolutely encourage folks to go read the announcement and on this questions. Chief among them is, this question of are we are we measuring this right? I think the concept of prioritization means making some kind of hard choice somewhere, so when the agency does that, we want to know that, at the very least, everybody understood why we would make that decision and what factors went into that.”

Mill said beyond the finalizing the framework in the coming months, other priorities for FedRAMP center on improving the customer experience, both agency and industry users, and understanding the costs involved in obtaining approval.

Mill said GSA is trying to make sure it is on the same page with vendors about the time and cost to get through the security process.

“What we think it takes, is it the same as what the cloud providers think is one of the exercises that we’re going to be engaged on this year. We are updating what some of the key metrics are around that and talking pretty directly with stakeholders before we finalize those things. We will be keeping a feedback loop so that we are really orienting ourselves formally as a customer oriented program in that way,” he said. “I think you’ll see us engaging in that in a more in a pretty public way, maybe in a more tangible, mechanical sense. We’re definitely focused on speed as a security property. We’re definitely very interested in in identifying cloud providers that want to want to pilot different ways of working. There’s never been a more open mind to looking at process changes and piloting different approaches that don’t lower the bar for security, but allow us to focus the review energy on the process and on the items that we all understand are the most closely tied to security.”

Of course, Mill said once the draft memo from the Office of Management and Budget is finalized, a whole new set of priorities will open up.

“I hope folks see there is a sense of energy and responsiveness where the program wants to hear where it can change and where it can do a better job of threading that eternal needle of speed, security and everything else people want from the system,” he said. “It is not trivial, but it is the whole job of the program. I think there’s going to be not just this Emerging Technology Framework, but a pretty good series of feedback opportunities over the course of the year. I really encourage folks who come at that with the spirit of improving these processes, and feel please bring up things that maybe died on the vine a few years ago. But let’s not let the past foreclose the future. There’s not been a more open minded period of time in the program than I think what’s there right now.”

The post GSA’s emerging tech framework is a priority setter for AI first appeared on Federal News Network.

There may be no one facing the continued workforce and technology challenge more than Air Force’s intelligence community.

The move to new and emerging technologies like the cloud are directly clashing with the Air Force’s obligation to keep current systems running.

That is why Col. Michael Medgyessy, the chief information officer of Air Force Intelligence Office, said initiatives like the Air Force and Space Force’s Digital University are so important.

He said it’s more critical than ever to ensure his digital savvy airmen and women don’t get frustrated and leave.

“There are definitely new hires coming into the Air Force already digital savvy. They’re coders. They have a strong data understanding. And it’s this new workforce that we got to make sure it doesn’t get frustrated and leaves by enabling them to be able to do these types of things at the edge, enabling them with different technologies like low code, no code, automated workflows, being able to do scripts and things, and be able to understand that the lexicon is different,” Medgyessy said on Ask the CIO. “When do scripts become apps? When do data platforms that have user defined operational pictures on them that have names become apps that need accreditations? A lot of people will use the word app to describe a lot of different things that aren’t really, in my mind, actual, full stack applications. Then you go down these roads of, well, who’s approved this thing to be used? So enabling the workforce by ensuring that the lexicon is clear, and that they are empowered to do certain things is important.”

That also means, Medgyessy, who also is the cyber authorizing official and chief data officer for the intelligence office, said, defining user privileges and capabilities, relying on automation to help make those determinations faster and easier and protecting data and applications from intended or unintended problems.

Clearing Air Force obstacles

At the same time, by opening up these types of platforms to more airmen and women, they can solve problems more quickly, drive decision making to the edge and move faster in a secure manner.

And, Medgyessy said, “try not to frustrate them as much as possible and get them into paths that will let them use their skills and grow them.”

Limiting that frustration also means finding a way to say “yes” to new ideas. Medgyessy said he’s aware of the technology and process obstacles that can arise.

“The digital infrastructure needs to shift the mindset because every time we add new work, it’s not necessarily more cost, more resources and bodies to the person saying ‘yes,’ because the way we do this is a fully burdened cost model. So as a service, we scale elastically and the people asking for the permission to do something are coming with the funded requirement, which is actually scaling out not only the technology, but the workforce on the back end. The dynamic has shifted,” he said. “So actually, the more funded requirements we get on these capabilities, the more others can scale them out and get benefit from them. It’s a complete flip. Cybersecurity wise, we have to really take a culture and shift it from flat file repositories and reviews of those capabilities on a periodic basis into live data, and people that understand how to read code and go into the code repositories and understand where the production is getting spun up from under what policies and audits of those policies to ensure that they’re actually happening to the specifications we expect, but more so in a live manner, a dashboard manner, in a manner that understands that the production environment is in flux constantly.”

Medgyessy said his office is implementing those toolsets through continuous integration, continuous delivery (CICD) pipelines in the cloud, and leaning into reciprocity of other office’s or agency platforms.

“If we understand how a pipeline is built and the body of evidence has been approved, that they’re doing this to the specifications we also require, then those pipelines should also be able to provide a certificate that we accept and can move those containers to another environment to be able to be used without having a lot of security on top of that done, and move that in a very seamless fashion,” he said. “The only way we’re going to be able to do that at scale is not with humans, but with automation, and so our cybersecurity workforce really has to get into this world and understand it, as do the authorizing officials. The authorizing officials cannot be stuck in doing things the old industrial age way.”

Working across the community

To that end, the Air Force Intelligence Office has accepted three platforms from the National Geospatial and Intelligence Agency, the National Reconnaissance Office and from the Air Force’s Platform One. Additionally, the intelligence platform, ODIN, can bring on containerized applications from the Air Force Kessel Run and Space Force’s Gravity platforms “with very little cybersecurity rework and it’s very automated,” he said.

The access to and use of platforms is one major reason why Medgyessy said cloud office governance is a big deal for 2024.

He said with the emergence of the Joint Warfighting Cloud Capability (JWCC) vehicle and the continued use of the C2E program for the intelligence community, the governance process will help ensure users follow the guardrails the Air Force built for using cloud services.

“The shared inherited controls that you get when you using this way, the visibility and security cognizance of what’s going on in commercial cloud at any given time by the CIO is super important to trying to tame the Wild West, while not having to slow people down,” he said.. “We have to have an understanding that when you do come through the cloud office, yes, there’s going to be guardrails in place, but you’re also getting to go faster and you’re going to be more successful long term.”

That idea of going faster and being more successful also fits into Medgyessy’s goal of migrating successful agile pilots into sustainable programs.

He said the Air Force Intelligence Office is looking at moving to an “as-a-service” type of model to help get customer capabilities in place more quickly.

Air Force Intel Office to get new CDO

“We have a customer base that is larger than any normal program office’s customer base because normally that program office will have a certain finite set of users that they’re focused on. In this case, we have customer funding from all over the place, which is really been the goal for IT services. People have been wanting this forever, but we don’t actually have an institutional way to deliver what people have been wanting,” he said. “I’ll give you an example of like, we have a cost model, it’s fully burdened. So I can take customers as a multi-tenant cloud environment from anywhere and it will not cost the Air Force or the intelligence community any more money than what we were spending on supporting ourselves initially to get that capability running. But I’m scaling it out to all these customers who don’t have to duplicate the effort from scratch, and can just buy into what they need to scale it out to them. It actually helps us that model of doing business is very different.”

Medgyessy said a final priority is focused on data and improving the platform the information resides on. The good news for Medgyessy is the Air Force Intelligence Office is hiring chief data officer, for which applications closed Feb. 26. This means Medgyessy will wear one less hat.

“We have a lot of work happening with classified cloud at the edge and extending it really in two prongs. One prong is how do I get sensor data ingested into classify cloud in a low latency, high bandwidth fashion. It’s kind of like an internet of things model, where I’m doing processing at the edge, and I’m also redistributing some of that data to the regional nodes, and then bringing that back into classify cloud,” he said. “Then there’s also the data platform and how can we do replication and resynchronization when it’s reconnected across secret and top secret instances? Some of the difficulty and challenge there is regional cross domain solutions, and how we can actually move between the classifications of our data locally without having to come back to the continental United States to do it. That’s one big part there and furthering the standards for data sharing.”

The post Air Force Intelligence CIO finding ways to get to ‘yes’ first appeared on Federal News Network.

SAN DIEGO — Like almost all agencies, the Department of the Navy does a good job of buying and replacing old technology. Where the DoN, and most others struggle is how to sustain that application or system over the long term.

Jennifer Edgin, the assistant deputy chief of naval operations for information warfare, said her office is leading a perspective shift to ensure technology is onboarded quickly and is always modernized.

“It used to be you would buy a system, a box that was contained with hardware, software, all different types of things and use it until its end of life. Then you replace it with the next best thing,” Edgin said in an interview with Federal News Network at the AFCEA West conference. “As cloud computing and other cloud-based technologies have come online, it changes that model. The Defense Innovation Board had a great quote. It said software was never done. So when we talk about sustainment, we are talking about the iterative updates, the update of software, the update of different capabilities and new things that come online. That’s a mindset shift. That’s what you see kind of permeating across a lot of the conference talks that we’re having out here and a lot of the perspectives that we’re trying to drive as a resource sponsor. Changing our mindset from a buy and replace to a buy and sustain so that our sailors can get updates when they need them, how they need them to face whatever they may be facing at sea.”

The mindset comes from initiatives like the Navy’s Black Pearl software development platform. It comes from the success of Operation Flank Speed to give more than 600,000 sailors, seamen and civilians access to modern workplace applications in a secure cloud.

Jane Rathbun, the DoN chief information officer, said giving sailors, seamen and civilians access to platform- and software-as-a-service that meets the Defense Department’s zero trust requirements through Operation Flank Speed underlies this new approach.

“We are encouraging and driving to the optimal use of that platform so that we can get out of on-premise servers and get out of shared drives and things like that. We really want to take advantage of the cloud platform that is so agile for us and will allow us to maneuver in places that we have not been before,” Rathbun said in an interview on Ask the CIO. “We’re testing out Flank Speed on a ship. We put a hyperconvergence infrastructure stack on the ship so that we could drive to, what the secretary would like to see, is email for life for our sailors. I think you’re probably well aware that today when you’re going to ship, you get a new email address. If you’re the commodore of multiple ships, you have multiple email addresses. It seems maybe not one of the most important priorities that we could be working on, but I think if we’ve got the technology, the technology is demonstrating that it can work, we should start evolving and improving the experience of the sailor.”

The aircraft carrier the USS Abraham Lincoln will test the hyperconverged infrastructure version of Azure, using different connections including low-earth orbit satellites or other access methods.

Navy modernizes records management

Rathbun said the Operation Flank Speed is an evergreening approach, meaning because it’s updated all the time, understanding how it works afloat is important.

“We also are looking at what unclassified applications could we store in that environment that could be leveraged on the ship? Think personnel training and logistics kinds of capabilities,” she said.

Rathbun said Operation Flank Speed is more than just email. The Microsoft Azure platform will let users develop applications at no or low cost, which is much different than the old way that relies on program managers and acquisitions.

A recent example that the DoN CIO implemented recently is around records management.

Rathbun said the Marines Corps started using Office 365 suite tools to manage a majority of their records and the DoN CIO saw that success and expanded the mandate to all of the Navy.

The new approach replaces the DoN Tasking, Records and Consolidated Knowledge Enterprise Repository (TRACKER). The Program Executive Office Digital worked with the Naval Network Warfare Command to test out a minimal viable product moving more than 20 million records to the new system.

Once the National Archives and Records Administration (NARA) confirmed the MVP worked, the DoN CIO made this new approach the only way forward.

The Navy is considering using a Microsoft capability called Form Recognizer, which relies on artificial intelligence technology that lets users upload files and extrapolate text, whether handwritten or types, from forms, to further expand the records management capabilities.

Breaking up requirements

The move of records management to Office 365 is also a good example of another piece of this change that Edgin is pursuing. She said separating the functional requirements from the technical requirements is also part of this effort.

“When you say things like no code, low code, those are design parameters or technical requirements that we can put in place. The functional requirements are from a user’s viewpoint. I’m a sailor on a surface vessel, and I need to be able to accomplish A, B and C. That’s a great functional requirement,” she said. “If we look today, all of those things are integrated together. One of the things that we’re doing from our role as a resource sponsor is separating them because low code, no code could be what we use today, but maybe there’s a great computer advancement a year from now. The functional requirement is still valid, but how we meet that requirement could change. That’s where separating these two things will allow us to iterate very, very fast.”

Generally speaking, functional requirements remain relatively stable, while the technical side can change rapidly. Edgin said that is why having a good governance process with the technical side, the user community and industry also is key.

Edgin said the Navy needs to create an ecosystem that can support not only the separation of the technical and functional requirements, but also the ability to iterate software capabilities faster.

She said that ecosystem must be based on application programming interfaces (APIs) and driven by the people, processes and technologies.

The Navy recently addressed a key piece of the ecosystem by updating one of its main cyber policies last year.

Edgin said the old policy didn’t specify the role that everybody played in this modern technical ecosystem.

“We spent some time last year getting that policy right. I like to say we invited everyone to Thanksgiving dinner and put the place cards out, and now everybody’s really seated at that table,” she said. “Things from the technical side of our acquisition arm, where do they come into play here? Where does our fleet come into play here? How do we look at cybersecurity compliance and then the authority to connect? So where does the network owner, the platform owner come into this? We spent some time really getting that right, getting a governance structure right for how we make decisions and how we interact. The next hurdle that we’re climbing over is the playbooks. How do these work? How do we define those business process? That’s what we’ll be releasing in the next year.”

The post Navy seeks to break its buy, replace technology model first appeared on Federal News Network.

From new authorities to an updated organizational structure, the State Department’s acquisition office is going to look much different in the next few years.

State is reorganizing its acquisition efforts around four lines of business:

• Diplomatic security
• Overseas buildings and construction
• Technology, cybersecurity and artificial intelligence
• Professional services

Michael Derrios, the senior procurement executive at the State Department, said the goal of the reorganization is to help agency customers get services from a consolidated and expert group of contracting professionals.

“It helps me with category management. How do we aggregate the demand?” Derrios said at the recent ACT-IAC AI Acquisition Forum. “I love the fact we have the best-in-class vehicles. We use those. But that is not the panacea for category management. Where the rubber really hits the road and where we really save money is when I can go to 10 customers that, in real-time, have a need and a procurement action that is coming in the next couple of months or weeks and say, ‘hey, let’s talk about that. Is there an opportunity smartly aggregate that demand?’ We can approach industry in a means where we can leverage our buying power.”

While that new structure comes into place, Derrios also is giving State’s acquisition workforce new tools and creating new governance bodies to help reduce time to contract award.

One new acquisition approach that all of these new organizations will be able to take advantage of in the coming years is the use of State Department specific federally-funded research and development centers (FFRDCs).

Derrios said State received approval in October to enter into sponsorship agreements and establish direct relationships with FFRDCs.

“It gives us another tool in the toolbox that we just don’t have today. Today we have to go to other agencies and try to get access to their FFRDCs. Now we will be able to have our own suite of FFRDC contractors,” Derrios said in a recent interview on Ask the CIO. “We just didn’t have our own indefinite delivery, indefinite quantity (IDIQ) vehicles with the MITREs, LMIs or RANDs of the world. They provide great service in niche areas. The State Department’s mission is evolving. We are now doing things that the department wasn’t asked to do in year’s past. I think that is the case across the board in all aspects of our mission. The research aspect, especially of R&D, is something we could benefit from.”

State seeking OTA authority

State’s office previously could use other agency’s, such as the Department of Defense, contracts with FFRDCs as long as it met the scope requirements.

But Derrios said scope was only one challenge. Agencies tend to protect the contract ceilings of their FFRDC vehicles so that too limited access.

“The other agencies is going to, and rightfully so, protect the ceiling on their vehicles and when other agencies are eating into that ceilings a bit too much, they back off and say, ‘hey, you need to go somewhere else and get that support,’” he said. “We could be right in the middle of something, and frankly it happened, and had to start over. We want to try to alleviate this problem by having access to our own suite of vehicles.”

Along with FFRDCs, Derrios remains optimistic that Congress will grant State another important acquisition tool: The authority to use other transaction agreements (OTAs).

He said State has asked Congress for permission two years in a row, and would like to see OTAs expanded to all agencies.

“I think the State Department has some very unique needs that we could benefit from OTA authority,” he said. “In our diplomatic security portfolio, for example, the ability to accelerate development of a particular security related product could absolutely help our mission set. The ability to do that with a vendor who may be doesn’t know anything about federal procurement, and, frankly, may not even care about federal procurement, but they would be happy to develop something that they may be using elsewhere, we would love to have that capability more at the Department of State. I’m going to keep at it and see where it goes.”

New governance over large projects

The new acquisition tools and the reorganization are pieces of a larger effort to improve how the State Department manages acquisition more broadly.

Over the last year, Derrios said his office launched an Executive Business Review Council (EBRC) to look at acquisition from the mission and contracting sides.

“We really want to shore up both sides of the house there, and we’re requiring folks at a particular dollar threshold to come forward and talk about their program plans and the infrastructure that they’ve established, including their budgeting, how prepared are they for us to enter into a big contract for them, their acquisition support needs and is there a good acquisition strategy attached to it?” he said. “This EBRC is in a pilot phase right now. We’ve already had a couple of programs go through it successfully, I think, and it’s sparked really good dialogue with a set of executives that have shared equities and the department’s acquisition program.”

The executive council is led by Alaina Teplitz, State’s assistant secretary of the Bureau of Administration and chief procurement officer, and Douglas Pitkin, State’s director of the Bureau of Budget and Planning and program management improvement officer.

Derrios and other senior leaders like Kelly Fletcher, State’s chief information officer, also sit on the council.

“The BRC is a big one for us. It’s a flagship effort to really start to think about how we do major acquisitions differently,” Derrios said. “The threshold [for review] is $250 million and over. So it’s pretty high. We don’t want to clog the system with everything. It’s risk based. At that dollar threshold, we’re expecting program offices to have a more formalized plan and approach for program management. The procurements at that level are usually for systems, which are very complex and/or major services. It’s aimed at catching those things and not creating a bottleneck with lower dollar things.”

State will be putting more large-dollar projects through the ECRB in 2024, capture lessons learned and sharing them across the department.

Derrios said he hopes the benefit of this approach is accelerating acquisition planning and time to award.

State’s new forecast to industry

The other significant governance change that started in 2023 and will expand in this year is around procurement planning.

Derrios said State is doing two things. First, it’s redesigning their forecast tool to make it much more robust. He said industry should be “pretty excited” for the forecast tool’s redesign.

Second, State is putting more thought and efforts in its procurement planning conferences. Derrios hopes to create easier and more often opportunities for program managers, contracting experts and industry to get together to talk about their upcoming needs.

He said, too often, those discussions don’t happen for an assortment of reasons and program folks end up missing out on potential innovations.

“We’re trying to drive that in a formalized process so that all of our customers are getting that same experience. We have very good planning, unfortunately, sometimes it’s in pockets. We’re not leveraging that, I think, to the extent that we should be,” he said. “All of that upfront work needs to happen in order to populate a better forecast for industry to see. We’re trying to build an acquisition ecosystem at the department where it all fits in together. I’ll make the distinction between acquisition planning and procurement planning. Procurement planning is what are the vehicles that we need to put in place for you to meet your needs? The acquisition planning is, ‘hey, so you’re going to be going after a big contract that is delivering capability for the department’s mission, and this program is integral to mission success and the contracts that we’re going to award.’ It’s all connected.”

The post State Dept reshaping acquisition organization, processes first appeared on Federal News Network.

The General Services Administration’s (GSA) third attempt to modernize the catalog management system running on its Advantage! program seems to have finally hit the right mark.

GSA is expanding the number of users of the new FAS Catalog Platform (FCP) after a successful test run over the last year with vendors under the Office Supplies 4 contract.

Mike Shepherd, the director of the catalog management office in GSA’s Federal Acquisition Service, said industry sellers and agency buyers will see a stark change when using the FCP from the previous catalog management system, called the Schedule Input Program (SIP), under GSA Advantage!.

“The FCP, in its most basic form, is replacing SIP with a new web-based user interface. It’s going to bring in some really new key enhancements that are going to benefit both our suppliers as well as our acquisition workforce and customers,” Shepherd said in an interview on Ask the CIO. “On the Advantage! side, it’s an intuitive web-based application. When you log in to FCP, you will quickly realize this is very different from that desktop SIP application. But really, it’s more than that. It’s a capability that’s going to be integrated with e-modification in such a way where we’re going to be able to capture catalog information during the modification process. What this means for our suppliers is we’re going to be able to automate publishing to GSA Advantage!. We’re going to speed up that time to get catalog changes down to the Advantage! platform.”

The time it takes to modify a catalog has been a major and long-standing pain point for industry for the last two decades.

GSA says the new platform automatically publishes modifications to GSA Advantage!, saving an average of 34 days for vendors adding new products to their catalogs. GSA also says it publishes catalog deletions within 1-to-2 days of a modification submitted by the contractor.

Shepherd said it used to take more than 10 days to be able to delete products.

In addition to addressing long-standing pain points, GSA says the new platform also features several other modern tools.

• Automated data validation checks.
• A central hub to review all catalog actions and statuses.
• Access to catalog history.
• Shared user interface between contractors, contract specialists and vendor support center staff.

As part of the platform’s expansion, GSA will add more users and begin a pilot covering professional services.

Shepherd said the initial pilot included 32 companies on the OS4 vehicle. GSA asked contractors last year about their interest in joining the expanded pilot to use the FCP.

“We’re going to scale up about five times, so to about 150 new users onboarding in this next tranche. From there in January, we’re going to plan to bring in more and continue to bring in a few hundred per month through the end of fiscal 2024,” he said. “What that means for us in terms of our target as a program is that we’re going to move the majority of Advantage! catalogs into this new platform by the end of the fiscal year so that users can benefit from these new features.”

GSA to expand to services

Shepherd said GSA plans to expand the catalog platform to services contractors later this year.

“How can we make it easier for suppliers to submit labor categories and rates? As part of this year ahead, we are targeting a limited pilot for services, a minimum viable product (MVP), much like the MVP we have for products today by the end of the fiscal year,” he said. “The initial services MVP will allow us to collect structured data for services. That means labor categories and rates. Once we have that, structured data is really going to be foundational to allow us to feed the CALC-Plus tool. So for contracting officers today, if you work in GSA, you are uploading to CALC-Plus through a fairly manual two-step process. But through FCP, by taking in labor categories and rates, we will be able to feed that data directly into CALC-Plus as one of the use cases.”

GSA has tried to modernize the SIP system at least two other times over the last decade, but fell short of expectations.

Shepherd said GSA took the lessons learned from those failures and applied them to this current effort, including, for possibly the first time, having a dedicated office and employees for the catalog platform modernization initiative.

“One big difference between the legacy SIP program and what we’re doing now is I am here as the director of the catalog management program at GSA. That is no small thing. What that should signal to all of our stakeholders is catalog management matters: Coming up with more efficient, cleaner way to process catalog information and then improving the advantage experience on the front end for our customers,” he said. “It matters enough where we’re going to establish a catalog management office to do that work.”

Long-term modernization effort

The new catalog is part of a broader and long-running effort to modernize GSA Advantage!. GSA consolidated the schedules program from 24 to 1 and has been modernizing its user tools and the back-end systems that both run and feed Advantage!.

Shepherd said GSA will continue to keep industry and agency customers in the loop on its next steps. For example, GSA sends out a survey to contractors who have been using the new catalog after so many months.

“If a user happens to hit a friction point in their journey, they can fill out a survey then and give us that feedback in real time,” he said. “We are also very focused on meeting with users in small groups once they’ve been in the application for a few months, working with them to understand what’s good, what’s bad and where do we need to focus some energy going forward. We’re going to continue to do that throughout this user transition moving into the fall. So far, at least, the survey results are positive. But we recognize, as we scale this, certainly new challenges will emerge and we’re ready for those challenges.”

The post GSA marks key milestone in schedules modernization effort first appeared on Federal News Network.

The Education Department was one of three agencies to receive an “A” grade under the 16^th iteration of the Federal IT Acquisition Reform Act (FITARA) scorecard.

And while earning the top mark on the scorecard is an accomplishment, Education’s real achievement is in how it’s experiencing the impact of FITARA to deliver technology services.

Luis Lopez, the Education Department’s chief information officer, said the underlying tenets of FITARA is helping the agency better manage and modernize its IT systems.

“This is not just an OCIO effort. This is something that, while we foot stomp, the execution of all the principal offices and their engagement has been refreshing,” Lopez said on Ask the CIO. “This FITARA score has to be with the work of all of the CXOs. I think that relationship that’s been going on for years, which is why you’ve seen since June 2017, the eight Bs and the two As. That relationship has been there and fostered and grown by [our] team. So it’s just a matter of continuing to improve, and I think we’re in that right place.”

Rep. Gerry Connolly (D-Va.), the co-author of FITARA, will release the 17^th iteration of the scorecard on Thursday. The CIOs at the Office of Personnel Management, the Nuclear Regulatory Commission and the U.S. Agency for International Development and the Government Accountability Office are expected to join the roundtable discussion.

Part of that effort is Lopez set up a customer advisory council last summer to get more out of FITARA than just the letter grade. Lopez said he uses the council to help explain to non-IT executives why the 2014 law matters to them and it’s more than just a technology priority.

“When we explain that in such a way to some of the senior executives in the senior customer advisory council, they start seeing that picture. It’s like, ‘oh, okay, that makes sense. Maybe I don’t want to go buy this new tool for this this system that I want because maybe I can leverage something in the portfolio that we already had. And let’s maybe sunset something else,’” he said. “Everyone becomes more mindful of not just cost savings and avoidance, but is this really the best for our environment, and, then, how does that translate to the modernization efforts?”

The customer advisory council also helps Education with the IT governance process.

Lopez, who became CIO in December 2022, said a good example of the impact of the council came during the pandemic when Education consolidated and standardized the number of video teleconferencing and collaboration tools.

“I think we probably had about 65 that we’ve installed across our entire enterprise, which gives us the ability to use different collaboration tools, whether it’s Teams or Zoom or WebEx or what have you,” he said. “But they understand that there is a governance process for a reason and that there is an IT sprawl going across the board if everyone gets their own solution. I can tell you several years ago, that’s what happened around collaboration tools. But when we go back and articulate this to the staff across the board, they understand that there is a governance process for a reason.”

Big savings from EIS

While Education may not have consolidated the tools, it did bring them under a better management approach because of FITARA and through the Enterprise Infrastructure Solutions (EIS) contract.

Education is one of a few Cabinet agencies to have fully transitioned to EIS from the Networx contract.

“Folks are engaging and really embracing what EIS has brought. We used to only have guest WiFi for anyone who was a guest at our D.C. buildings, and two of our regional buildings out of 17. Now we have guest WiFi in all of our buildings, and we also have government WiFi in our buildings,” Lopez said. “We were able to do that all by cost savings and avoidance on top of that. This is where FITARA comes to mind with EIS. We’re modernizing our technology, we’re getting our portfolio better, and we’re also reducing our costs, which allows us to redirect those dollars for something else. It’s not easy, which is why I think we’re with EIS for the next 11 to 12 years. It’s a large contract that is giving us a lot of flexibility to modernize for our customer base.”

The governance over the collaboration and teleconferencing tools came at a good time as the number of calls reached 800,000 a month, up recently from 60,000 a month pre-pandemic.

Additionally, through EIS, Education is providing employees an alternative to a desk phone or even a mobile phone, called a “soft phone,” which lets users have a dedicated phone number through their laptop.

Lopez estimated that Education will save $36 million to $40 million by transitioning to and taking advantage of the modern technologies under EIS.

Lopez said the website consolidation contract is another example of how FITARA has helped drive modernization.

Website, other upgrades coming

He said the technology behind the Ed.gov site hasn’t been upgraded in 20 years.

“We want to get a website that is obviously aligned to the 21st Century IDEA Act. One that is more personable so we’re aligning to different personas, whether you’re an educator, a student or whatever the case may be. We want to make sure that it’s easier to align and get that customer service,” he said. “We’re probably getting a lot more buying power and not only that, but we’re also getting better governance, not just from the IT portfolio, but also the look and feel of that website. When the public goes to Ed.gov, they will find everything they need.”

He said Education will complete phase 2 of the website modernization by June and all four phases by 2025.

Another major priority in 2024 is to finalize the award for its hosting environment. While Lopez said he couldn’t offer too much since the recompete is in the middle of source selection, Education doubled the size of its footprint since the last contract award and the amount of data has exploded.

Education’s move to a zero trust architecture also is a big focus this year.

“We received Technology Modernization Fund dollars to implement secure access service edge (SASE) technology, or at least our very first big phase of it, which is that always-on encrypted connection. What that does is we will use that to get on your laptop, you click the button and then it puts in the virtual private network (VPN). We’re a lot more secure. We’re a lot faster and the customer loves it,” he said. “We’ve seen tickets drop with VPN problems. That overall experience in the ZTA space is a big one that we’re looking to complete.”

The post With FITARA 17 coming, Education shows what an ‘A’ grade signifies first appeared on Federal News Network.

The old days of “post and pray” to recruit employees into civilian positions in the Army is over.

Instead, the Army is moving toward a more active, and less passive, model of recruitment.

The principal deputy assistant secretary of the Army for Manpower and Reserve Affairs said the service is replacing “word of mouth” recruiting with an approach that is more targeted and understanding of the employees’ expectations for their career.

“We recognize that there is a lot of talent out there in the country that we need to be able to tap into. We need to push out the message that there are opportunities as an Army civilian, and that they should take advantage of those opportunities. Our recruiting message has modified from ‘hey, you need to come in and serve for 30 years as an Army civilian,’ which is pretty daunting to our younger workforce, to what we are now adopting, and what Dr. [Agnes] Schaefer [the assistant secretary of the Army for Manpower and Reserve Affairs] has coined this term, the ‘jungle gym’ model,” Bourcicot said on Ask the CIO. “This is where people come in and do three years in as a civilian, and then jump to something else. They go to the private sector for a couple of years, and then come back in, and then go back out and maybe start a business. They can do all different kinds of things. We’re telling people that civilian service should be a part of an overarching career path. It’s an enabling thing. It’s not an off ramp, and that we have amazing career and training opportunities for them to build skills that are that are just harder to get than in the private sector.”

The Army has about 500 occupations separated into 11 career fields that it’s trying to hire civilian employees for.

While USAJobs.gov remains a key piece to the ‘jungle gym’ recruiting effort, the Army has taken several steps to change how it approaches recruitment, starting off with a revamp of GoArmy.com by adding a “civilian workforce” tab to the military and National Guard areas of the website.

“Another thing that we’re doing is expanding our online footprint. So instead of just USAJobs, which is still the portal that people are going to use to apply, they can go to LinkedIn, and we are taking advantage of going to places where the people are by posting our jobs on platforms like Yello, in order to reach out to that cohort that doesn’t necessarily know, ‘hey, I can apply to an Army job,’” Bourcicot said. “We are going to career fairs and we are offering jobs on the spot. We’ve given offers at the Black Engineer of the Year awards, some 70 job offers there. We are updating our procedures to try and get the security clearance process going as well. So we’re really trying to make those jobs not only visible, but also accessible.”

A key piece to that visibility and accessibility is shrinking the time to hire so the Army can be more competitive in hiring for tough to fill positions like cybersecurity, data science and many others.

Time-to-hire still too long

The Army currently is averaging about 93 days to hire a civilian employee, which Bourcicot said isn’t too different than the private sector when it comes to certain highly skilled jobs.

“One of the things that we’re changing is how we communicate and how we manage expectations. In my own experience in technology, I had a warm body that I could send an email to and say, ‘Hey, where is my package and am I still under consideration?’ I had an experience when I applied to a job through USAJobs years and years ago, where I sent my resume in and then like eight months later, I got a message back that I wasn’t going to be hired. Of course by that time, I had a new job and I had completely forgotten about it,” she said. “I know that our team has been working directly with USAJobs in order to improve customer experience. One of the things that Army has done is we’ve stood up the Army Civilian Career Management Activity (ACCMA), where we have organized around our strategy. One of the things that we’re doing is giving some structure to having those touch points with candidates so that we keep them warm and make sure that they know that they’re valued, that we’re interested in considering them.”

The Army, at the very least, is now getting much better about sending automated notices to candidates to keep them informed about where they are in the process as part of how they are improving the applicant experience.

It’s not just recruiting the next generation of civilian employees that the Army is focused on. Once they do get on board, Bourcicot said it must keep them trained and give them a career pathway.

Focus on the Army 2040 strategy

Bourcicot said ACCMA is providing a more deliberate management approach of employees’ careers.

“ACCMA really enables upskilling and reskilling so that the information that somebody needs in order to manage their career is easily accessible. In addition to their supervisor, they’ll have a human resources specialist that they can work with,” she said. “If they are a GS-5 and want to become a GS-7, or a GS-15 and want to know how to become a member of the Senior Executive Service (SES), it can feel overwhelming. How are we providing resources to people so that it is more accessible to them?”

Additionally, ACCMA is bringing more consistency and standards to the civilian talent management processes as part of the Army 2040 strategy.

Bourcicot said as part of the 2040 strategy, the civilian workforce must have the capabilities to support the warfighter over the long term.

“We’re thinking ahead. We know that these people are going to be part of that fight, and we know that it’s going to be in high demand,” she said. “We’re working on getting after that pipeline. We have a pilot program with Carnegie Mellon University, for example, where we are sending folks to get to get Master’s degrees in developing the skill sets and bringing them on board. We’re standing up our prevention workforce and there’s a need for data scientists to analyze our soldier programs to make sure that they’re delivering what we need in order to meet the strategic objectives to reduce harmful behaviors in the force. We have a whole cyber workforce that we have just transitioned to the cyber excepted service, and some of those jobs are going to be white hat hackers. We want those folks to come on board. We’re working on cultivating the pipeline. We’re working on being competitive, so that people want to move over and have a lateral shift and also move up the management ranks.”

The post Army turns to ‘jungle gym’ model to promote opportunities in the civilian workforce first appeared on Federal News Network.

The Cybersecurity and Infrastructure Security Agency’s goal for year 12 of the continuous diagnostics and mitigation program is quite simple.

CISA is focused on operationalizing current cyber tools to make sure agencies are getting the full value out of them.

Matt House, the program manager for the CDM program at CISA, said this new focus is non-trivial when it comes the 100 or so federal civilian agencies using CDM.

“For us, priorities for the fiscal 2024 include getting to the point where, we are declaring our asset management efforts, related to traditional endpoints of network servers, workstations, laptops and desktops to complete. We’re very close there,” House said on Ask the CIO. “But we recognize that asset management as a family of capabilities is not done yet. We’re about halfway through on mobile asset class work, so that’s going to continue hot and heavy this fiscal year. We began some pilots on some of that similar capabilities for cloud assets in 2023, and so in 2024, we expect to continue to ramp that up as another broad class of assets that we want to bring under management and under visibility, if you will.”

In addition to traditional IT end points, CDM will venture into internet of things and other connected devices that are considered non-traditional or operational technology.

“From an asset management perspective, it’s starting to tackle those or continuing to tackle those other asset classes. The path and timeline will vary as you think across those different assets in terms of what that’s going to look like. But our objective is the same for all which is to have parity in terms of visibility,” he said. “Fundamentally, these devices are not radically different than some of our traditional endpoints. But there’s a much greater breadth of implementation and quirkiness, if you will, to some of these devices. We are now evaluating some of those products that have been introduced into the market in the past few years that are a little bit more purpose built and tuned for dealing with sensing on IoT devices. With traditional endpoints, it’s more straightforward where we can do things like deploy an agent, and that agent can run locally on that device to sense all of the needs and report back. With IoT, and with some of these other things that we need to report on and ensure we have visibility to in the network, that’s a little bit more like remote sensing, and so there’s some technical nuance there that we’re trying to isolate through the use of maybe some purpose built tools.”

House added CISA will try to better understand the current tools and capabilities in the commercial market today and how they could take advantage of them.

FISMA’s focus on OT systems

CDM’s move to include more OT system data comes as part of a broader governmentwide effort to better manage and secure these non-traditional systems.

In the Office of Management and Budget’s 2024 Federal Information Security Management Act (FISMA) guidance, agencies must establish an enterprise-wide inventory of their agency’s covered IoT assets by the end of fiscal 2024. These OT systems include everything from industrial control systems to building management systems to fire control systems to physical access control mechanisms.

“Inventorying agency IoT assets, including those that qualify as OT, is critical for ensuring the cybersecurity posture of an enterprise, as these assets are increasingly interconnected with IT hardware and software. An inventory enables agency CIOs and CISOs to gain visibility over their connected devices and systems, apply appropriate controls (such as those set out in NIST SP 800-82 and NIST SP 800-213), and make risk-based decisions about mitigating against cybersecurity threats,” OMB wrote in the guidance sent to agencies in December. “Additionally, an inventory enables agencies to more efficiently identify and mitigate vulnerabilities to ensure a more secure and resilient infrastructure. Inventorying is also a necessary prerequisite to establishing a baseline to enable monitoring and detecting unauthorized, abnormal, or potentially malicious activities.”

As part of its 2024 FISMA metrics sent to agencies in December, CISA is asking for agencies to submit to them the number of systems that include operational technology (OT) and/or Internet of Things (IoT) devices and whether they are low, medium or high impact levels. Then within each of those impact levels, CISA wants to know the number of systems that include Internet of Things devices and the number of systems that include operational technology devices that are considered IoT, based on NIST definitions.

Outside of IoT and operational technology, House said CDM will continue to push the implementation of endpoint detection and response capabilities.

Finishing the rollout of EDR

He said CISA expects to finalize the roll out of EDR across the civilian agencies in 2024.

“The other thing that we’re doing now that’s pretty exciting and probably the single most significant effort that we’re going to undertake this fiscal year is enabling what we call persistent access capability (PAC) through EDR, which is the unique capability that we’ll have in CISA to be able to have our threat hunters and cyber analysts have visibility across the EDR implementations in the federal civilian agencies,” he said. “That’s super transformative in terms of being a force multiplier for agencies from a cyber defense and cyber response perspective. It’s actually a very straightforward, easy thing for us to enable from a technical perspective, provided agencies have hit critical mass on their EDR implementations.”

A lot of that data from PAC and EDR go into agency and CISA’s CDM dashboards. House said over the past few years CISA has taken several steps to bring the dashboard into a good place in terms of capability and usage across the government.

“A push for us this fiscal year is to get more agencies on boarded into our hosted version of dashboard. The dashboard-as-a-service takes away some of the complexity, costs and concerns that agencies have of running their own instance of their agency dashboard and we will host it for them. It allows for a lot more economies of scale for us that I think give us and the agencies the best of both worlds,” he said. “The other things from a dashboard perspective I’m excited about is as part of our last release in fiscal 2023, version 6 of the dashboard, is we turned on some capability related to automating some FISMA metrics reporting. We’re just starting to do that. I think we’ve got a couple toes in that pool now and we will be continuing to expand that during 2024. That’s going to become a big area of emphasis for us because it’s relatively low lift for us. It’s relatively low complexity and risk. I think [everyone] would agree that it adds a lot of value in terms of getting out of the manual quarterly reporting cycle for some metrics that are ready for automation.”

House added the automation of certain FISMA metrics means directly relates back to the operationalizing CDM goal. He said it gives cyber analysts and defenders more time to focus on defense and risk mitigation and not on reporting data.

That is especially true for one more capability CDM is planning for in 2024, over-the-air updates to the dashboard.

House said version 6 includes that ability to push content updates more quickly.

“What we’re going to be doing a lot more this year of is pushing out content updates that have no security impact to agency dashboard. They don’t need to go through a rigorous agency based code review or security review,” he said. “We can push these things out and when we have the vulnerability of the week, the latest greatest vulnerability comes out that everybody’s got to jump on, we can have a purpose built dashboard visualizations in the federal dashboard and we can push those out to the agency dashboards to give agencies that very timely heads up display of how to how to go kill the monster of the week. That’s a big thing for us because it’s leveraging, again, capability that we built that we’ll want to continue to maximize to really drive operational use of the dashboard at the agency level.”

The post CISA ready to take CDM program into the world of OT first appeared on Federal News Network.

The National Geospatial-Intelligence Agency is in the midst of figuring out how to apply zero trust capabilities across more than 1,300 systems and applications.

The variety and breadth of this effort requires a different kind of approach to meeting the goals laid out by the intelligence community and the Defense Department.

The Energy Department’s journey to zero trust is taking a workforce-first approach.

And the Consumer Financial Protection Bureau, the application layer in the zero trust pillars is getting some special attention.

As the common refrain goes with the governmentwide initiative, there is no one path to zero trust, just the same end goal: To fundamentally change the way agencies protect their systems and data.

“One of the things we’re really focused on is how can we assess the integrity of the zero trust implementations independent of any specific commercial vendors technology? How do we do it kind of at a technology level and at a high level, but also how do we come up with standards that allow us to assess the integrity of like our trust algorithms inside of the policy decision points and the policy engines? How do we come up with a standard measure for indicating the security there so that’s just one of the areas that we’re looking into?” said Donald Coulter, the cybersecurity science advisor for the Office of Science and Technology at the Department of Homeland Security, during a recent panel at the 930Gov conference, an excerpt of which was played on Ask the CIO. “We’re going to be looking at how do we improve zero trust capabilities and fundamental technologies that are beyond what the standard commercial implementations are providing in the near term, that includes looking at how to expand contextual awareness and expand all the metadata associated with all the systems and resources that we have to be able to communicate those across systems and system boundaries and organizational boundaries.”

Coulter said S&T will focus on standards for system engineering and the development lifecycle and how to bring them together, especially from a supply chain risk management perspective.

Among the questions S&T is asking about zero trust are: How are we influencing the standards creation to make sure that we’re approaching them to make sure that we have the visibility and understanding to retain the resilience and understanding of what’s going on in systems? How can we help the developers and the consumers understand what they’re buying and what they’re deploying is safe?

That question and challenge of integration is front and center in NGA’s zero trust strategy.

Monica Montgomery, deputy chief information security officer and deputy director of the cybersecurity office at NGA, said there are seven pilots driven through the agency’s enterprise architecture to address all the zero trust pillars.

“We have seven minimal viable products (MVPs) that are across those seven different pillars, but that has broken down into 91 different zero trust activities and 170 enterprise requirements,” Montgomery said. “As systems come through that, business management systems, they are producing those requests for changes (RFCs), each one of those is getting bounced across our solution epic. So we don’t have to go to all the programs. The programs are coming to us, and that’s given us a really a great opportunity to look at how we can take funding that we’ve received from the Office of Management and Budget, from the Director of National Intelligence and from the Defense Department, and appropriately section that off and fund those enterprise security services, first and foremost. But that’s not the totality of our enterprise, so we have to find ways to get to those smaller programs that are needing that funding who can’t afford to do it themselves. So doing that through our enterprise architecture and our solution epic, I think we’ve got a unique approach.”

NGA identified those minimum viable products based a few criteria, including enterprisewide systems, how the capabilities meet DoD and IC zero trust target activities and how they could get other parts of the agency on board more quickly.

The last criteria, getting everyone on the zero trust bandwagon, can be among the toughest parts of the effort.

To that end, the Energy Department is requiring a minimum level of training for all employees.

Amy Hamilton, the visiting faculty chairperson at the National Defense University’s College of Information and Cyberspace and Energy’s senior advisor for national cybersecurity policy and programs, said investing in people and training is among Energy’s most important zero trust initiatives.

“What the department is doing is ensuring one person at every site in every cybersecurity program is trained on zero trust specifically. That has been an enormous initiative that took a lot of effort because a lot of times we don’t invest in the people and it’s more about getting a tool. So to actually have those people out there trying to do something that we’re finding very rewarding,” Hamilton said. “We selected one vendor to go ahead and [create standardized training courses]. We also had them specifically tailor some of their knowledge base so that people can go ahead and access a Rolodex. What it has really done for the department, though, is give us a common lexicon and that gives us also a common point for deviation.”

NGA’s Montgomery added her agency is making cybersecurity a part of everyone’s job.

“It is no longer the 137 people who are considered cybersecurity. It’s not their job. It is the totality of the agency wherever you sit, your job is cyber because of things like phishing and because of who you are and you might not realize the privileged accesses that you have,” she said.

One way agencies are addressing the personnel challenges is through better software development, which lets leaders assign roles and responsibilities to users more easily.

Dr. Tiina Rodrigue, the CISO of the Consumer Financial Protection Bureau, said her agency is focused heavily on the application pillar under zero trust for that and other reasons.

She said concerns about the risks brought by the supply chain as well as open source software as CFPB builds a lot of its own software.

“We have already seen that from the Log4J and everything else, that when vendors or open source communities include problems, we transitively inherit those problems. So part of what we’re looking at is being our own product development team to make sure that security also as part of the ideation and that as part of that orchestration that we have built in cybersecurity from the get go because with our systems thinking approach, we recognize that we’re all interconnected and these things will emerge dynamically with much less warning than before and often with no warning,” she said. “Part of what we’re doing are building those relationships so that there is cyber synthesis throughout the whole thing. That’s the major emphasis we have around zero trust because with those applications tied into identity, tied into the network and devices and the data itself, we’re able to protect everything at the same time.”

The post NGA, DHS S&T’s unique approaches to zero trust, cybersecurity first appeared on Federal News Network.

For the first time ever, the Federal Acquisition Service in the General Services Administration topped $100 billion in revenue last fiscal year.

That is $10 billion more than FAS brought in during fiscal 2022.

Tom Howder, the current deputy and soon-to-be acting commissioner of FAS, said the revenue numbers only tell part of the FAS success story.

“We continue to grow all over the place. $6 billion in savings that we produced for the American taxpayer through our various programs. And here’s a percentage for your 46%. That’s the percentage of dollars fast awarded that would be eligible small businesses. So for the 13th consecutive year, GSA has earned an A or A+ from the Small Business Administration in terms of our small business utilization. So lots of success there,” Howder said during a recent ACT-IAC webinar. “I would also mention with the Assisted Acquisition Service (AAS), the obligations were also at $18 billion, and obligations are an indicator of future revenue. We’re going into the [new] year strong with AAS going to continue to grow. But that wasn’t the only place that we had successes; our general supplies and services had an outstanding year as well, really aggressive growth centered on the retail operations front, especially. But also the requisition channels are growing, especially as the needs for the Department of Defense have increased over the last couple of years. And we’ve taken advantage of that and help them out as well.”

Howder said reaching the $100 billion mark was surprising to some extent, but FAS has continually seen an increase in sales over the past decade.

Several ongoing initiatives contributed to FAS’ growth, including outgoing FAS Commissioner Sonny Hashmi’s three “North Star” goals:

• Make it dead easy to do business with FAS
• Creating tremendous value for our customers
• Creating a thriving, innovative, compliant and equitable marketplace

Hashmi announced earlier this month he would be leaving as FAS commissioner on Dec. 29.

Howder said part of FAS’ success is how it has positioned itself in the marketplace over the last few years.

“A good example of that is the small business innovation research (SIBR) program, which a few years ago was zero for us. Now, I think our obligation level is over a billion dollars,” he said. “I see us moving into the ISR, intelligence surveillance and reconnaissance. We hadn’t had much business with that community in the past, and we’ve really been able to move forward there. I’d say just the general growth in DoD. So as our military needs are increasing around the world, we’re helping them with the support of that. Obviously, we don’t provide anything like weapons systems or things that go boom, but there’s a lot of other things that DoD requires and we were able to fill those needs. I think those are a lot of the organic growth areas that we have.”

FAS continues to receive good feedback from industry and agency customers, and uses that data to improve how it delivers services.

Satisfaction scores rise

Howder said customer feedback was one driver of its recently announced reorganization. FAS is moving from a regional structure to one entirely focused on serving agency and industry customers much differently than ever before.

“I think when you’re strong that’s the best time to look at yourself and do some introspective examination and figure out where you will have to go. You don’t want to deal with that when you’re backed into a corner because then you’re going to just have to like grab on to something. We wanted to really go through this deliberately and figure it out,” Howder said. “Frankly, it was no surprise we were going to go this direction. You could see this coming years ahead of time. We had already been gravitating in this way for a long, long time. We had to put in place some pretty dysfunctional processes to plaster over the cracks that were happening in the existing organization that we needed to change.”

While 2023 data is not yet available, Howder said the 2022 customer and industry satisfaction survey results demonstrated FAS’ progress. He said satisfaction scored hovered between 75% and 80%.

“We actually use this data considerably. First of all, we hardwire results into our senior executive performance plans. We asked a whole variety of different questions on these to pull out where our strengths are, but also where our weaknesses are, and based on that, we have a team in the Office of Customer and Stakeholder Engagement (CASE) that parses through the data, and then pulls out what are our targets of opportunity. What are those things that we can affect the highest return on investment, in terms of actually impacting our customers and impacting industry?” Howder said. “Then each of the organizations, all of our business lines, put together plans based on that data. They’re charged with achieving actual concrete things. I’ll give you an example. A couple of years ago, we had been getting a lot of feedback that our customers didn’t really know where their orders were. If you use Amazon or something like that, you can track the status of your order and see where it is. So we put in place a program to do that. We started working with our industry community to get that order status into our systems, and the customers really liked that we can actually see the needle move in terms of satisfaction for that.”

For 2024, Howder said several priorities are on tap, including the expansion of the Transactional Data Reporting (TDR) program, the continued growth in the use of the 4P tool for contract awards and modifications and the full implementation of the GSA Advantage! catalog effort.

TDR expansion coming

The TDR expansion continues to be a hot-button issue between FAS and the agency’s inspector general.

Howder said GSA is taking the IG’s recommendations to heart as it improves the program beyond the seven-year-old pilot.

“We have different buckets that we’re looking at right now. So for non-configurable products, like piece of paper or pencil, it’s easier than, say, a configurable product, like a laptop that has lots of different options, which in turn is easier than services. We’re really digging into where can we get the best quality. How do we get the best quality? We have different groups that are looking at all those different permutations in order to figure those kinds of things out,” he said. “We are actually getting some pretty good TDR data. We’ve spent most of 2023 really, really drilling in on the quality of the data, and if there are people in the audience here who are with companies that deal with a lot of product, you may have actually heard from us in terms of we’ve scrutinized the TDR data coming from certain companies, and we’re trying to figure out how we can improve the match quality and things like that.”

Howder said FAS has regular conversations with the IG about their TDR plans, including he personally has a monthly meeting with his counterpart in the oversight office.

“We do seek input from them. Ultimately, we do have to make decisions and we don’t want to have management by IG,” he said. “I don’t think they want to have that either. So we share with them to the extent that we solicit feedback from them, to the extent that we can, and we always have a conversation.”

The post GSA’s Federal Acquisition Service achieves $100 billion status first appeared on Federal News Network.

Key back-end systems at the U.S. Mint are in danger of being cut off from the outside world.

These are systems that run elevators, fire alarms and the like that have lived on copper wire telephone wires for much of the past 75 years and can’t easily be adapted to modern IP infrastructure.

Jason Mervyn, a lead IT specialist for the U.S. Mint at West Point, said these systems are now at risk at the Mint, and really at many other agencies.

“One of the most important directives I have is to make sure things stay up. You don’t want to suddenly not get dial tone, and in keeping with that, we have to make sure that the Mint has the best redundancy and stability and the ability to continue operations as possible,” Mervyn said on Ask the CIO. “It’s sad to say that the tier one companies, which are the big the big telephone companies, the ones people are most familiar with like AT&T and Verizon, are simply not making the offer of supporting copper any longer. It’s because the technology has moved on sufficiently and they don’t want to have to support the copper either. So having seen, unfortunately, now my fair share of dusty telephone cabinets, you can realize why they don’t have the ability and they don’t want to keep people trained on obsolete skills. It’s only the old bear in the woods kind of people who have the skills any longer.”

For the Mint and other agencies, the challenges isn’t just that the big telecommunications companies don’t want to support copper wires, but as more and more of the infrastructure moves to internet protocol (IP)-based technologies and become interconnected, the cyber risks increase significantly for back end systems that traditionally have been isolated.

These systems include those for fire alarms, elevators, Supervisory Control and Data Acquisition (SCADA) systems and similar ones.

Disconnect notices coming soon

Don Parente, the vice president of federal sales and solution architecture at MetTel, said the upgrades that are needed aren’t a singular challenge.

“When you start looking at the copper going away, you might have voice lines that could be replaced with IP telephony or IP handsets, and move to a hosted IP based telecommunications platform. You might have these specialty lines that require these types of transformation capabilities where it still looks like [plain old telephone systems (POTS)] for the panel, but it looks like IP to the network. Then it’s taking it up a notch where you have the more traditional private branch exchanges (PBX) that exist inside of an agency and those are often served with larger trunks that are delivered over copper.”

Additionally, he said the Federal Communication Commission recently gave local exchange carriers permission to shut down copper wires, which is something they have been wanting to do for some time.

“That green light is accelerating disconnect notices to government agencies and others,” Parente said. “The move to voice over IP and IP in general is a more efficient protocol to route calls or telecommunications across the network. There is a need to modernize and evolve, which is part of what is driving this change. A lot of people are disconnecting their home phones and the need and use of plain old telephone systems has reduced and there is still a large infrastructure that carriers don’t want to maintain.”

The Mint is looking at how to modernize without having a huge budget increase.

Mervyn said he’s working to figure out alternative sources for unique items like emergency POTS lines, which traditionally are powered by the phone company’s central office and therefore remain powered even when the site loses electricity.

“A friend in the commercial sector indicated he has had to award site-by-site contracts with local equipment carriers for his remaining essential POTS connections, and depending upon each of our seven locations’ needs, I may have to go that route,” Mervyn said.

Costs are rising for copper wires

Parente said modernization becomes more imperative because carriers are increasing the price of providing and supporting POTS and other legacy technology.

He said he’s seen costs rise to as much as $1,000 a month and the likelihood of the price going higher is real.

“If you have a fire alarm panel in a building and it works just fine, you don’t have to replace the entire alarm system because POTS is going away. You need to come up with a way to serve the system from a network IP perspective. You can retrofit what exists,” he said. “There are solutions out there. But you have to get to it before it’s too late. We get calls from agencies or companies saying they have received a disconnect notice. The key here is to plan and get ahead of it. I think IT professionals know it’s coming as do those in charge of alarm systems or elevators, but there are plenty of folks who need to learn it’s coming and start planning ahead.”

Mervyn said like with most IT system upgrades, agencies need to start by knowing what they have today and what needs to change.

He said a few years into this effort, the Mint still is trying to close out lines that are almost like “ghost accounts” with multiple  entries in the billing system from the General Services Administration.

“The lines have been shut for maybe five years, but the billing still occurs. So make sure you know how to decommission those lines and do so when you stopped using them,” he said. “The flip side of that is make sure you have the carriers do what’s called a customer service record (CSR), which is the way that you get what they say your inventory is, rather than just thinking you know what it is. So having that list of things that they’re charging you for helps match up with what you’re going to wind up closing on the back end.”

The post US Mint facing its future without copper wires first appeared on Federal News Network.