Advanced modeling techniques have been cited as critical as far back as the early 1990s. However, the infrastructure and availability of the software, technical expertise, and data availability limited the adoption of the capability. Now with more readily available talent, software, and cloud-based data aggregation, DoD has the opportunity to point these sophisticated forms of data analytics at previously manual processes like fleet management. While industry is moving out with artificial intelligence, machine learning, and large language models, there are still professional techniques like modeling and simulation that yield itself highly effective, accurate, and expedient speed to insight and is a complementary tool within the arsenal of advanced analytic programs within the DoD.

In some areas, DoD is rethinking the way it’s using technology to realize and leverage the value of its data more fully. Rather than collecting and keeping that data stovepiped or stored locally by each individual organization, DoD can use specific analytics tools to increase the speed to insights. Recent improvements in the availability of technology, training, and data systems have made this possible, but it hasn’t achieved wider adoption across the enterprise yet.

“Many weapons platforms have been around for multiple decades. The approach to managing the supply chain, platform maintenance, repairs, overhauls, and upgrades has had to change over the years as technology inevitably advanced. The Department is simply at another evolution of these processes,” said Jon Barcklow, managing director at KPMG. “Think about what we were doing 40 years ago. So now, with the broad adoption of artificial intelligence, machine learning, lightweight modeling, and simulation, agencies can look at what they were doing more real-time, with fewer resources, and find optimization opportunities faster than ever.”

However, with new technology always comes new challenges. Sometimes the problem is too much data to model or overly sophisticated — and costly — AI models and infrastructure for processes where the eighty-twenty rule might apply. For example, Barcklow said an aircraft that is both being flown on active duty and still in production is highly complex. The aircraft has to maintain a certain level of readiness, which means regular maintenance and replacement parts, but the production requires those same parts. This aircraft is also being flown around the world as the fleet constantly moves, and partner nations are assembling their own fleets, even further complicating the supply chain. Additionally, in the absence of perfect data, compartmentalized data infrastructure, or missing digitized processes, most data models will require assumptions and variables.

“In the use-case of a complex weapons platform, this becomes a multi-million variable optimization problem,” Barcklow said.

To handle a problem at this scale, DoD is increasingly turning to artificial intelligence and machine learning. But that can be an expensive proposition, and it has its limitations. For example, Barcklow pointed out that black swan events like what we saw with COVID-19’s impact on the supply chain can cause even the most sophisticated models to break down. By definition, black swan events have very limited analogous examples from which to benchmark. In the case of COVID-19, predicting labor shortages and absenteeism due to infection rates was a challenge in predicting the impact to platform build and repair times. In this type of circumstance, we found that alternative modeling techniques were better suited to develop these types of projections.

“Data has the potential to almost become your enemy,” said Phil Sutton, director at KPMG. “If you rely heavily on and are very focused on just what the data says, you may be led astray and you’re going to have a potentially detrimental forecast. So, we often recommend taking an alternative approach, going back to the basic principles and processes of these systems.”

That alternative approach is rooted in traditional operations research techniques, like simulation. The idea is to use first principles-based techniques to test assumptions and calibrate off of those with varying levels of confidence. Sutton said nobody will get it quite right – who predicted COVID-19, after all? – but those varying levels of confidence can reveal more useful insights than AI or ML, which can only extrapolate on existing data.

The idea is to consider various “what if” scenarios and then find the connections and similarities rather than planning for each of them. That leads to discovering broader sensitivities and potential disruptions. For example, the pandemic disrupted the supply chain, but so could a major geopolitical conflict. Rather than trying to predict which black swan event is coming next, focusing instead on shoring up weaknesses in the supply chain can make DoD more resilient in either scenario.

So, in the case of that multi-million variable aircraft, the idea would be to optimize for just a few broad variables: fleet readiness, cost, risk to the fleet, and risk to production. Those all have to be balanced and optimized against one another. And there are various scales that have to be performed, too. For example, a ground vehicle is its own layer of risk. On a smaller scale, each of that vehicle’s individual parts, subsystems, and components carries its own risk. On a larger scale, DoD has entire fleets of this vehicle. Each of those layers of risk must be taken into consideration.

And this is where AI and ML can come into play: Barcklow said predictive maintenance is one example where those technologies excel.

“Every one of these techniques and technologies has their own place and best fit,” he said. “All of these things have a very specific purpose and an approach, and they’re always best suited towards specific types of problems. And it is very complimentary if you have someone who can help you think about getting all these technologies to work symbiotically.”

The post How DoD can get faster insights to support improved readiness first appeared on Federal News Network.

Typically, agencies have achieved supply chain management by brute force, “just pouring more people at it, versus being more efficient,” said Joe Damour, federal advisory director at KPMG.

Data offers a better solution for bolstering supply chain resilience. With a robust system, it’s possible to consolidate data across the supply chain from disparate sources using automated workflows that are supported by artificial intelligence. This data-driven approach is vital for securing and strengthening our supply chain, promoting resilience and proactive mitigation strategies. By analyzing the data to generate timely insights, potential vulnerabilities or sticking points can be identified in the supply chain before they can jeopardize the mission. Moreover, these insights can guide strategic decisions, enabling us to preemptively secure resources, optimize logistics, and ultimately ensure a steady, reliable supply chain.

Drive toward real-time information

The supply chain drives readiness in the military, as well as in civilian agencies such as those tasked with providing medical care. It’s crucial to know what’s on hand, what condition it’s in, what’s arriving and when.

Rather than rely on “lagging indicators,” reports that may be days or weeks old, a modernized system will deliver real-time information on the status of needed materials and supplies, said Chad Jones, federal advisory managing director at KPMG. By leveraging AI to gain a predictive edge, “agencies can identify and address potential problems early on.”

To achieve those ends, a solution needs to work across silos.

“Supply chain data, in its current form, can often be unstandardized and balkanized, even within a single agency or organization,” Damour said. This fragmentation often leads to a disconnect between those managing the flow of goods and those striving to accomplish the frontline mission. Yet, by focusing on securing and fortifying our supply chain, we can establish a more cohesive and resilient system.

To do this, agencies need to prioritize data standardization and integration across the board. By unifying this data, organizations not only streamline operations but also enhance visibility and control, essential elements for a robust, resilient supply chain. This alignment would ensure that the right information reaches the right people at the right time, reducing potential misunderstandings or delays.

Furthermore, a secure, resilient supply chain allows for quicker response times and better adaptation to sudden changes or challenges. It promotes the seamless flow of goods, thereby directly supporting those working towards the frontline mission. As such, the goal should be to build a resilient supply chain that acts as a reliable backbone, effectively bridging the gap between supply management and mission execution.”

With conventional approaches, it is hard to get a comprehensive picture — one that reaches all the way from the manufacturer to the end user at the tactical edge. Without interoperability, “it’s difficult — if not impossible — to get real-time visibility into the supply chain,” Jones said. “That readily-available information exchange doesn’t occur.”

A robust supply chain solution will address today’s interdependent environment with an agile and flexible data exchange, one that can ingest both structured and unstructured data, he said. It will access data from across the ecosystem and pull it into a unified global view.

Such a system will allow for information-sharing and situational awareness in support of data-driven decision-making at the top, Damour said, while also pushing control closer to the edge. It will give agency employees access to the details they need to meet the mission effectively — wherever they work.

All this will be supported by AI, with automated workflows that remove extensive manual labor from the process. With less effort and less manpower, leadership gets deeper and more actionable insights, Jones said. When will it get there? When is it coming back, and who will need to be on hand to maintain or refurbish it? Those are the questions a robust data solution can answer in real time.

Begin to bring data to life

Agencies can take three steps to work toward developing a data-informed supply chain capability, Jones said:

• Build the skills: In shifting to a more data-driven posture, it will be important to ensure some degree of data proficiency across the workforce. “Not everyone has to be a data scientist,” he said, but every job should require a level of data fluency and the ability and willingness to look to supply chain metrics in support of improved mission effectiveness.

• Lean into interoperability: Effectiveness here depends on the ability to reach across multiple heterogenous systems. In architecting a solution, it is critical to consider all the sources of information that inform the supply chain and to create the interoperability needed to generate a holistic view.
• Consider the data itself: Most supply chain data is unstructured. “It’s not in a form that can be easily assimilated into a data lake,” or addressed by an analytics tool, Jones said. To speed up insights in the state of the supply chain, it will be helpful to look for solutions that can readily ingest whatever data is available, in whatever form.

Overall, the outputs need to be accessible, with easy-to-use management and reporting tools, Damour said. A modernized solution should generate reports that make sense to ordinary users — that answer their questions clearly and directly, whether at the executive level or at the tactical edge.

A solution that is “easy to operate and visually appealing” will engage more people in the conversation, he noted, thus expanding supply chain insights beyond just a handful of subject-matter experts.

With a supply chain data solution, leaders can break down silos and speed processes to drive deeper insights. They can meet the mission more effectively and take preemptive action to ensure that any snags along the way don’t disrupt critical operations.

The post A resilient, secure supply chain hinges on strong data management first appeared on Federal News Network.

At the same time, AI and ML exposes agencies to a new and possibly different set of risks. They also must consider new policy and governance approaches to mitigate and minimize those risks.

Mike Peckham, a managing director of advisory at KPMG, said agencies should examine their current level of AI risk preparedness and understand potential vulnerabilities.

AI Risk Preparedness

[AI is] helping the human make that final decision, but allowing the human to make that final decision. That goes back to that point of are we not going to replace people because we inherently understand things about data that a computer never will.

Mike Peckham

Managing Director, Advisory, KPMG

“I think everybody is putting this large box around AI to say, ‘we’re not going to define it as any one particular thing.’ I like the term intelligent automation because as long as you’re starting the journey and you’re starting to use these tools in the way that they’re meant to be used in an ethical manner, you will slowly, but surely, see the benefits of layering on those technologies,” Peckham said on the discussion Modern Government: AI risk management. “The first time I played with natural language processing, we were looking at the single audits on grants. If you’ve ever read a single audit, I can tell you it’s probably one of the worst reads you can have in your life. A 600-to-700 page audit and coming from an accounting background, it’s incredibly boring. But natural language processing can go through that so quickly even though it’s unstructured data. Once you’ve made sense of it, you can understand where the information is throughout that entire 600 page document, then you can start to glean way more than you ever could have understood by just doing manual reviews. That to me is what people are starting to recognize is the best part about these technologies.”

The use of AI, or intelligent automation, isn’t necessarily new. Peckham said he used natural language processing and other early forms of automation in the early 1990s to do travel post payment audits.

He said by applying technology to this process, his office took a manual process that typically took 54 minutes down to 9 minutes.

Better understanding today

While that early example showed the power of the technology, agencies today have much better technology and understanding of what can be done using AI.

Peckham pointed to the success many federal CFO offices have had with robotics process automation, which many times is the first step toward intelligent automation.

“Now we start to understand what the human does with that information so that the next time around when we layer in intelligent automation and the AI tools, then it’s giving them options like 90% of the time when the tool saw these scenarios, it was option A 70% of time or whatever the outcome would be,” he said. “It’s helping the human make that final decision, but allowing the human to make that final decision. That goes back to that point of are we not going to replace people because we inherently understand things about data that a computer never will.”

Guidance for AI Risk Management

I think it is a great first step to understand what you have and how you're using it. If you don't understand that and if you haven't done an inventory, then AI or intelligent automation is going to create fear, just like anything new that you're doing.

Mike Peckham

Managing Director, Advisory, KPMG

To help agencies get their heads around how AI could impact their processes, KPMG developed an accelerated AI risk diagnostic tool. Peckham said the tool helps agencies develop an inventory of how they’re using AI today.

“I think it is a great first step to understand what you have and how you’re using it. If you don’t understand that and if you haven’t done an inventory, then AI or intelligent automation is going to create fear, just like anything new that you’re doing,” he said. “But if you’re able to talk to somebody who’s already been down that path and they can say, ‘yeah, it’s a little bit scary. But guess what, here’s what we did, here’s how we handled it.’ This is where our diagnostic can really help folks tackle those challenges and move forward at a faster pace.”

Ethics and speed are paramount

At the same time, agencies can’t sacrifice ethics for speed. Peckham warned agencies need to do their homework about not just how they are using the algorithms but about the results they are getting back from the tools.

“We’ve seen what’s happened with biometrics. There have been hearings on the Hill about the use of these tools in identifying folks, specifically folks of color and how there have been perceived biases and real biases using AI. It’s a problem,” he said. “But I do believe that a lot of that problem falls back to the idea that the information that was used because these are algorithms and that’s all they are. The algorithms were built around the largest population that they had available to them. In the case of the biometrics, it happened to be for the most part white men so they have very strong algorithms in that case.”

He said KPMG tests AI tools using synthetic data that creates personas for fictional people where you can change the skin or eye color just enough to make sure the algorithm works and contains fewer biases.

Peckham added before agencies can jump into the AI pool’s deep end, they must understand the best use case to test out these tools.

“It’s a little tricky to start, but I think with the governance and all the guidance that’s coming out, it’s getting a little easier. You can’t be afraid to take that first step on the journey to understand how you can use AI,” he said. “Do I have a use case? Do I have the right technology to address that use case? And how can I move forward? Talk to folks, like KPMG, who have been there before and help you get down the best path to learn and be successful.”

Listen to the full show:

The post Agencies must balance the benefits, risks of AI first appeared on Federal News Network.

From digital integration to digital modernization to creating a decision advantage, the three priorities build on each other to make the DoN more agile, better linked to its fellow services, agencies and allies, and more lethal to take on near peer adversaries.

Digital Modernization Strategy

Our digital modernization strategy is really focused on how do we become a software dominant naval force? If we want to maintain our maritime advantage, it is really critical in this dynamic security environment that we become a software dominant force.

Kelly McCool

Director, Digital Warfare Office, Navy N9

“Our digital modernization strategy is really focused on how do we become a software dominant naval force? If we want to maintain our maritime advantage, it is really critical in this dynamic security environment that we become a software dominant force,” said Kelly McCool, the director of the Digital Warfare Office for the Navy N9, during the discussion Modern Government: Digital Transformation: Data, Collaboration and Insights. “Really, it’s about modernizing our legacy software approaches which have these entanglements with our hardware, which makes it hard to upgrade our software. We have to break down those dependencies to free us for more agile software development, and hardware upgrades on a different pace.”

By creating this new software environment, the DoN will modernize its systems and networks no matter the platform, air, sea or shore, more quickly. And those two concepts will lead to the department’s ultimate goal, speed to decisions.

Becoming software dominant

“The idea here is, and this is a central imperative in the CNOs NAVPLAN, if we have digital integration; we can communicate across our forces, and we have this modernized software where we can release software updates quickly, then now we have the building blocks to really measure our decision speed,” McCool said. “We see ourselves as a significant part of the integrated deterrent strategy, which is a key part of the national deterrent strategy.”

To become a software dominant force, the Department of Navy launched Project Overmatch in 2021. It’s part modern software factory, part the Navy’s piece of the Joint All-Domain Command and Control (JADC2) program and part classified next generation technology.

The Department of the Navy is expecting to accelerate the initiative in fiscal 2023 as it asked Congress for $195 million, which is $122 million more than it received in this year.

“Project overmatch is really at the forefront of how we do DevSecOps with a software delivery pipeline that uses agile software development capabilities. There’s uniqueness though because in other DevSecOps environments, you do the development in a way where you’re always connected to the cloud or you’re always connected to the web, we, obviously with our forward platforms, aren’t going to have that connection,” McCool said. “We will have a hybrid situation where we do our development in an agile way, and we’ll have the capability to upgrade our software over the air while we’re deployed. There’s a lot of learning that we have to grow into and Project Overmatch is really at the forefront of delivering that capability.”

Unusual to change applications

McCool said the DoN will deliver the minimum viable product (MVP) capability to a single carrier strike group next year. In the meantime, her office is ensuring the crew is trained to use the capability, particularly around network improvements and creating decision support tools.

“We’ve had some learning there too. Our traditional training methods of using PowerPoint to describe what a tool does is not really the most effective way to train some of our young sailors,” she said. “We’re now using a live sandbox environment where you can see the touch and the feel of the tool as well as how it really would operate. It’s a little bit more intuitive.”

Project Overmatch’s DevSecOps capability will be a major change for the DoN. McCool said typically the service doesn’t change software for a carrier strike group when it is out of port unless they absolutely have to because of concerns about the impact the change would have on the mission.

“This is an area that as the system is deployed that we’re going to be exploring with the fleet as operational capabilities and operations allow and bandwidth allows, we’ll be exploring those over the air updates and what makes sense. What’s that right balance?” she said. “What is unique about Overmatch is this capability to deploy to the fleet, but in a development sense, there will be development going on shore based and we’ll be continuing to upgrade tools and the analytic capabilities. I think there’s an opportunity there for maybe common practices and common use cases. But I think we’re a little too premature for that conversation yet.”

Need to make sense of the data

Along with Project Overmatch, McCool said another key initiative around digital integration is the DoN’s data strategy, ensuring it has the ability to move data to and from the tactical edge.

Priorities for Digital Modernization

Project overmatch is really at the forefront of how we do DevSecOps with a software delivery pipeline that uses agile software development capabilities. There's uniqueness though because in other DevSecOps environments, you do the development in a way where you're always connected to the cloud or you're always connected to the web, we, obviously with our forward platforms, aren't going to have that connection.

Kelly McCool

Director, Digital Warfare Office, Navy N9

“The fact that we can improve how much data gets to the warfighter doesn’t necessarily mean they’re going to be able to make better quicker decisions with it. In fact, more data can often cause decision paralysis and especially when that data is confusing or the environment is just overwhelming,” she said. “We need the right tools and the right algorithms to really simplify what is presented to the fleet. What we’re focused on is what are the right decisions that need to get made and by whom? Where is the decider physically located? Are they on an aircraft carrier? Are they under water in a submarine far forward? Are they on a destroyer? Or are they on a headquarters facility in the states? That really matters. So working with the fleet to have that deep knowledge of how the Navy plans and executes, that’s really where we’re going to focus on those decision support tools to eliminate those friction points. That’s really where we think we’ll get to the better, faster decisions.”

She added the DoN will have to rely on artificial intelligence and machine learning capabilities to help sift through the data. This includes moving AI tools to the tactical edge, especially as the service relies on unmanned platforms more and more.

“One of our key innovation engines is the unmanned task force as well as Task Force 59, which is our fleet operational battle lab. In that regard, they’re working very closely with industry and with emerging industry players in this space, not necessarily your traditional DoD primes. What they’re really trying to get after is ‘how do I use AI and ML in in smaller unmanned platforms so that you’re synthesizing the data much more quickly?’ she said. “You’re getting to reduce the workload of the operator and you’re optimizing your decisions. This tactical edge for unmanned systems and manned unmanned teaming is an area that we’re highly interested in and we’re going to need to advance here in the future.”

McCool said all of these efforts are leading the Department of the Navy to an end goal that isn’t just digital modernization, digital integration or even speed to decisions.

“How do we how do we get to a place where as our CNO puts it, we can have a move countermove capability? We deliver a capability to the fleet, but then expect that the adversary will have some sort of unexpected reaction, or counter and us having ability to react very quickly,” she said. “That’s the most important thing that we’re really trying to drive that as we go to this digital modernized world.”

Listen to the full show:

The post Navy’s digital transformation building blocks to bring agility, lethality first appeared on Federal News Network.

Space Training and Readiness Command Goals

We already started to talk about bringing together the soft skills with what the Space Force needs for mission, and then walking that through whether you're a civilian coming off the street or coming in from another service, walking through the most basic training to the most advanced, how we see that across a career in delivering the right training at the right time for our guardians. In addition to training and education, maybe our most difficult technical challenge was the build out of a training and testing range. We called it the National Space Test and Training Complex.

Maj. Gen. Shawn Bratton

Commander, Space Training and Readiness Command, Space Force

Training and Culture

When our guardians now go to basic training, now they have a specific identity. They're pushed by guardians and when they have questions about what they will be doing in the future, what it's like, they will get that directly right from a guardian. It was pretty significant.

Chief Master Sgt. James Seballes

Senior Enlisted Leader, Space Training and Readiness Command, Space Force

In the next few months, the Space Force will release a roadmap for the future of training.

This vision is the culmination of a year’s worth of work developing the concepts, skillsets and goals for the Space Training and Readiness Command (STARCOM).

Maj. Gen. Shawn Bratton, the commander of the Space Training and Readiness Command, said the roadmap will cover both tactical skills like running command and control technologies, and strategic skills to create the new culture at the Space Force.

“It really articulates where we are trying to get to as an end state. How do we think about intelligence and cyber operations, and space operations and training, and really the integration of those together? It comes back to that teamwork piece of I can’t just train an intelligence operator separate from a cyber operator separate from a space operator and acquirers and engineers. Really I need to train them to collect creatively.” Bratton said on the Modern Government: Space Training and Readiness Command show. “I think you’ll see us emphasize integration and training on what are opportunities to bring those communities together. And because the Space Force is so small, I think there’s a lot of opportunity to do things different in that way. Mainly, our scale allows us to do that. So we’re excited about it.”

The goal is to create a vision to educate the force as a new service, which launched in December 2019.

“We had a couple of very clear go dos from General [John] Raymond, [commander of Space Force], one of which was to establish an independent, professional military education for the Space Force by 2023,” Bratton said. “We already started to talk about bringing together the soft skills with what the Space Force needs for mission, and then walking that through whether you’re a civilian coming off the street or coming in from another service, walking through the most basic training to the most advanced, how we see that across a career in delivering the right training at the right time for our guardians. In addition to training and education, maybe our most difficult technical challenge was the build out of a training and testing range. We called it the National Space Test and Training Complex.”

Understanding their impact

The test range promotes both access to technology and the need to build collaboration among guardians.

Space Force plans to grow to about 18,000 personnel over the next few years so creating the best training approach becomes more important.

Chief Master Sergeant James Seballes, the senior enlisted leader for Space Force’s Training and Readiness Command, said another big challenge for the Space Force is creating an environment where guardians and civilians can understand the impact of their decisions and where leaders can analyze their performance.

“You understand the mission a little better when you actually get to go do something, which is what the range is meant to do by providing that albeit virtually, but to give them that live experience of what it’s like to actually do their mission and try to work through failure and challenges and lessons learned and get after those things, so that they can be prepared and ready to go should and when if that time comes,” Seballes said.

Another way the Space Force is creating its culture is through a recent basic training boot camp at Joint Base-San Antonio-Lackland that was the first for guardians only. Prior training sessions had been integrated with the Air Force.

“When our guardians now go to basic training, now they have a specific identity. They’re pushed by guardians and when they have questions about what they will be doing in the future, what it’s like, they will get that directly right from a guardian. It was pretty significant,” Seballes said. “The curriculum wasn’t completely revamped, but it was significantly changed. We added about 35 hours of Space Force specific curriculum that got after the different things that we prioritize in the Space Force like our core values, a better understanding of which each of the different specialties bring to the fight, to include them even getting a threat brief from operational folks here at STARCOM.”

More directed basic training

The second iteration of basic training is happening now and the training and readiness command will use feedback from the first two cohorts to continue to improve their approach. The Space Force only expects to recruit about 500 new guardian each year versus the Army, for instance, which seeks to bring in 120,000 new soldiers annually. Seballes said this gives the Space Force the ability to be more agile in its training curriculum.

Bratton added the Space Force only basic training is creating that identity and feeling of belonging to create a strong connection to the force.

“Even if they make a choice to leave the service and go out to industry, we still want them to know they’re still a guardian and still part of the team,” he said. “So how we make that connection, only time will tell if we’re successful, but basic training is absolutely one place where we’re just trying to set that right off the start that good found strong foundation.”

Advanced courses under development

Now that the Space Force has created that solid training foundation, Bratton said the plan to shift to more advanced training around concepts like electronic warfare through their “skies series.”

“Black Skies is an electronic warfare exercise where some of that will be what we call live fire. We use actual systems and operators, but to really put them through their paces and in more advanced training environment,” Bratton said. “We owe that to our cyber operators. Intelligence is incorporated in all of these exercises, but really bringing the team together not in the in the fundamentals, but upping our game a little bit and presenting them with a more difficult challenge. We’ll do that through the sky series next year, and then we’ll follow with the others in subsequent years.”

Seballes added the Space Force also is looking at how best to offer advanced degrees for the enlisted force to continue their professional development as both a way to retain guardians as well as a way to improve their skillsets.

“Going into year two, the plan is obviously to look at some other opportunities to either partner with institutions and continue with that toolbox, if you will, of professional development opportunities are another thing that that we’re moving toward,” he said. “We still rely pretty heavily on the Air Force for a lot of things, and we will into perpetuity. One of the areas in training is the tech schools where we own the school houses now and are starting to get our feet under what that means.”

Listen to the full show:

The post Space Force on path to integrate training, create new culture first appeared on Federal News Network.

Segment 1

“We really want the business to be a part of that full lifecycle. You need to figure out what are the roles and responsibilities for not just your systems integrator, not just your traditional CIO functions, but how do you bring the business in, hold them accountable for showing up and being part of every step of that SDLC,”
- Jonathan Edge, a director at KPMG

Jonathan Edge

Director, KPMG

Segment 2

“It's about rethinking what is technology to that business partner to enable them to do things better, faster, cheaper. That’s important for the business to want good technology and it's important for the CIO to be able to develop good technology,”
- Jonathan Edge, a director at KPMG

Jonathan Edge

Director, KPMG

Over the last 20 years, the role of the agency chief information officer has evolved many times over. At first, CIOs were stuck in the back office, watching blinking lights of servers and worrying about email and printers.

Slowly, they emerged into new roles, focused on strategy and operations, sitting on both sides of the fence.

Today, CIOs are evolving once again. They are leaders, strategists and, maybe most importantly, key decision makers in the mission areas.

The Federal CIO Council’s 2021 handbook outlined the roles of technology leaders across seven key areas, including leadership and accountability, strategic planning, investment management and workforce.

In the short time since the council released this handbook, the role of the CIO evolved again. The pandemic reminded all of us just how critical IT is in serving citizens, protecting the nation and everything in between.

Jonathan Edge, a director at KPMG, said CIOs need to create a symbiotic relationship with the mission owners and other CXOs to drive digital transformation.

“CIOs, generally, are very good at what they do from a systems integration perspective. They know how to do development. They know how to do testing, configuration management, DevSecOps, orchestrate agile waterfall, or whatever the mechanism that the system development lifecycle might be. Those are absolutely what we see in in this federal space and industry more broadly,” Edge said on Modern Government: Mission Digital Transformation. “So if CIOs are really strong at these things, they also have to be strong at business process reengineering. They have to be strong at creating a technology that enables value management within their organization. They have to consider user adoption and change management strategies, human centered design and the experience of leveraging that technology.”

To create a complete team that will move agency digital transformation efforts forward more quickly, CIOs need to consider the concept of business integrators. Like a systems integrator, business integrators bring together disparate mission processes to drive better results.

Edge said this means bringing in lean principles, initiating change management, customer experience and user centered design principles as part of the software development lifecycle.

“We’re advocating for the cadence of agile where you certainly are taking strong requirements and you’re creating a requirements traceability matrix. You’re hoping that your development is a part of that,” he said. “We really want the business to be a part of that full lifecycle. You need to figure out what the roles and responsibilities are for not just your systems integrator, not just your traditional CIO functions, but how do you bring the business in, hold them accountable for showing up and being part of every step of that SDLC.”

Enable business partners

Edge added that CIOs using this process will create an orchestrated relationship with their business partners, who come to the effort with people and resources to help support the technology transformation.

But the CIOs still need to take a leadership role to enable the business partners to solve problems.

“It’s about rethinking what is technology to that business partner to enable them to do things better, faster, cheaper. It’s important for the business to want good technology and it’s important for the CIO to be able to develop good technology,” Edge said. “I’m not advocating for the CIO funding for all these things. I’m not advocating for the CIO to a mandate these things. But I do think there is a natural relationship where if the CIO says this is what’s needed for success to truly enable their organization to be better, faster, cheaper. The business should come with open arms and open hands. You want your business to really evaluate what this technology can do for them, and the CIO needs to enable that as well.”

Edge said enterprise resource planning (ERP) modernization efforts are good projects to use business integrators because of how complex the initiatives tend to be. This becomes even more important as agencies move toward low code, no code platforms, robotics process automation and other technologies because the business owners can impact the systems more easily.

“These ERP modernization type activities are end-to-end from procure-to-pay, order-to-cash and budget-to-execute. It spans the spectrum of business processes and that integration between business process and technology is absolutely where you would apply business integration,” Edge said. “You would really evaluate what are the skill sets that you have, and how are you orchestrating these skill sets across the systems development lifecycle to enable the best of that technology? What I don’t want to see is for any of these ERPs, because the technology has advanced, of course, lifted and shifted. You have to maximize the value of the ERP, and then of course, you still layer on low code platforms, robotic process automation, and integrate business and mission components to your core CIO functions.”

The post The role of the business integrator must help CIOs drive digital transformation first appeared on Federal News Network.

The Evolution of the Role of the CFO

It’s essential that the CFO organization has and will continue to move from being an enabling function to being an empowering function.

Nikki Reid

Partner, KPMG

Inclusion of Modernization in Financial Planning and Strategy

We’re seeing a ton of interest in business intelligence tools where even your standard accountant is really embracing the use of tools that allow them to analyze data faster.

Nikki Reid

Partner, KPMG

When Congress passed the CFO Act of 1990, their goal was to bring some consistency and standardization to how agencies manage and report on their funding.

Now, 30-plus years later, the law not only empowered the role of the chief financial officer but transformed the entire financial management area for agencies.

Nearly every agency received a clean audit in 2020, most have implemented strong internal controls, and the CFO role itself has been elevated to that senior strata.

Now it’s time for the CFO office to transform once again.

Rep. Carol Maloney (D-NY) introduced the CFO Vision Act 2022 in March to do several things, including standardizing CFO responsibilities to enhance strategic decision-making, providing deputy CFOs with sufficient authority to minimize the effects of CFO turnover and revising financial management planning by requiring the release of governmentwide and agency-level plans to gauge progress in addressing financial management challenges.

New CFO bill would codify agency programs

In many ways, the legislation would confirm and codify a lot of what agencies are already doing today.

Nikki Reid, a partner at KPMG, said agencies don’t have to wait for a new law to accelerate the transformation of their financial management efforts.

“It’s essential that the CFO organization has and will continue to move from being an enabling function to being an empowering function,” Reid said on the Modern Government: Expanding the Impact of Federal Finance show. “To me, that is literally what all of this is all about really going from nuts and bolts accounting to being a purely compliance based organization to being someone that’s focused on operations and really empowering mission areas and leadership in these agencies to make strategic decisions.”

Data and technology are the enablers to drive those decisions. CFO organizations didn’t always have high-quality data, and the technology evolution over the past five years has really driven this transformation.

Agencies now have more transparency into their data and more accountability around the quality of the information, Reid said. Laws ranging from the Digital Accountability and Transparency Act (DATA) Act to several of those focused on improper payments have driven progress across the board, she added.

Data helps drive better financial decisions across government

“Some of the agencies are really embracing and leveraging predictive analytics, which is something that I am so excited about,” she said. “When you think about the impacts to cash and receivables, and the impacts from a budget perspective, the government needs all this data to make decisions.

“Being able to leverage sometimes nonquantitative — or more and more qualitative aspects of data — in that decision-making effort, from a predictive standpoint, is eye opening and amazing. That’s probably the biggest thing that I’m seeing our clients start to do, and it’s great.”

That means agencies need to take advantage of historical data and combine it with new tools and methodologies to inform that predictive analytics, Reid said. She offered an example of a client going through a major transformation effort, deciding whether to move from a general fund to a working capital fund model.

“In order to be in a working capital fund, you have to have a lot more insight and detail about how you’re spending your money to develop whatever product or service you produce. In doing that, they have to have a lot more insights and information with respect to their data,” Reid said. “They are realizing that their data is not perfect, but they have to start. The great thing about this organization is they’re using visualization and data analytics, and it’s easier to see where they have holes in their data.”

This is one of the reasons why it’s important to get started in using data to drive decisions, she said, because the data will “clean itself up,” so to speak.

The four factors of federal financial transformation

On the technology side, CFOs are partnering with other senior leaders whether it’s the chief information officer, chief acquisition officer or chief data officer.

“We really look at transformation in what we call dimensions. The first one is service delivery model, really understanding how you deliver your services. So that could be your funding model, your general fund or your working capital fund. That could be your service level agreements. Do you have shared service providers? It’s anything that enables you to operate effectively as a finance function,” she said. “The second would be people. Yes, we use tools, but you need people to make that activity work correctly. So really focusing on people, making sure they’re empowered, that they know what their job is, that they’re trained appropriately. All of that has to be a real aspect of transformation.”

The third dimension is data. Agencies need to make sure their data is clean, but they also must begin moving forward to use data to improve their decisions.

The fourth dimension is technology, which means automating manual processes through robotics process automation and other capabilities.

“We’re seeing a ton of interest in business intelligence tools where even your standard accountant is really embracing the use of tools that allow them to analyze data faster. No one will ever stop using Excel, right? But some of our government counterparts are really embracing the use of more effective tools to analyze data,” she said.

“There’s large-scale implementations of hardcore financial systems going on today, and there is a push to go to shared service providers. But there still are agencies that are truly implementing new financial systems. That’s not what I’m talking about today. I’m really focused on these technology enablers like low-code applications that allow you to really manage your data in, manage decision-making and manage workflow in a more effective way.”

And the final one is process and policy.

“Most CFOs are very, very familiar with process cycle memos, and process narratives, and all of these things that go with controls and internal control documentation. But your policy and your process should really be foundational to what you’re doing to ensure that you have consistency and that your teams are doing things right,” Reid said. “At the foundation of it all is your program and change management. You need to embrace those dimensions if you are really going to have true strategy and true change.”

Listen to the full show:

The post The 5 dimensions to further transform federal financial management first appeared on Federal News Network.

Supply chain management is the idea of moving people and stuff from one place to another in a timely and efficient manner. This has been the goal since people started trekking from point A to point B.

But experts say it wasn’t until the 1980s that the technology revolution started to have are real impact on moving people and things.

Today, supply chain is at what experts call is entering a second transformational stage.

Agencies must focus on improving customer engagement by making assets more visible across multiple systems and data sets. Visibility can be something as simple as transportation information to improve the routes trucks drive. Or it can better align the organization through digital feedback.

The second part of the transformation is speed—the speed to process requests and to move stuff from Point A to Point B.

Agencies face a host of opportunities and challenges as part of today’s modern supply chain. In the end, the only goal is getting warfighters the products and services they need as quickly and efficiently as possible.

Stephen Gray, the director of the 448th Supply Chain Management Wing at the Air Force Sustainment Center, said like many parts of the Defense Department over past 10-to-15 years, the service has reduced its footprint and become leaner in managing its supply chain.

“We dictate essentially to them what stock they’re going to have, and then we manage the processes to make sure that the materials are available to them,” Gray said. “By centrally managing that, we’re able to optimize the inventory and reduce it to I don’t want to say bare minimum, but minimum amounts that are needed to support the enterprise. We take an enterprise approach in all activities that we do. By centralizing and optimizing our inventory, we’re able to carry less, which frees up dollars for the Air Force to go invest and do other things.”

The Air Force and others also work closely with the defense industrial base to ensure the timeliness and resiliency of the supply chain.

Gray said within the United States, the Air Force can move any part within three days or less. While overseas, it’s somewhat dependent on the country, but it’s equally quick given the geographic challenges.

Learning objectives:

• Agencies’ supply chain strategy
• Data and supply chain management
• Cloud and supply chain management

Complimentary Registration

Please register using the form on this page or call (202) 895-5023.
This program is sponsored by      

The post DoD is ensuring a responsive, resilient supply chain first appeared on Federal News Network.

From SolarWinds to Microsoft Exchange to Pulse Secure, the impact to agency networks and systems has been real and is forcing, once again, a call for real change to federal cybersecurity.

President Joe Biden’s recent executive order aims to drive significant upgrades to how agencies and industry think about and apply cyber protections.

At the heart of the EO—and really so many governmentwide efforts—is data.

In fact, the order calls on agencies to adopt security best practices; advance toward a zero trust architecture; accelerate movement to secure cloud services and to centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks.

Additionally, the Cybersecurity and Infrastructure Security Agency at DHS plans to spend some of its $650 million windfall from the American Rescue Plan Act on improving their capacity to conduct analysis of cybersecurity information coming to better understand risks and threats across the government.

It’s clear that data is key to everything agencies can do to protect their network and systems.

Viral Chawda, a principal and head of artificial intelligence, analytics and engineering for the government sector at KPMG, said once agencies truly understand their cyber data, leaders can have insights into things like what applications still don’t require multi-factor authentication, what hardware is going out of support, how much of a workload is in the cloud, which devices are using non-compliant software and so much more.

“From there you go to diagnostics analytics, which helps us answer question like, ‘Why it’s happening? Why is the migration to cloud slower than what we planned for? And how can we focus our resources on high risk areas like productivity, quality model, confidence, value delivered and cost management,” Chawda said on the show Modern Government: Cyber Analytics sponsored by KPMG. “Having a clearly defined matrix helps measure and monitor a defined set of indicators, and use effective interactive tools like visualization and dynamic drill downs to better understand cyber risk at the summary executive level all the way down in the detail of operational execution.”

Chawda said as agencies improve their understanding and application of their data, they can mature their cyber risk approach.

“If we can break it down into two types, predictive analytics, which tries to identify high risk areas before threats are exploited, and prescriptive, which is very advanced and it’s about recommending specific set of actions to respond to those risk analyses,” he said “Advanced analytics has many potentials to identify hidden risk and bring more value, but it also requires more sophisticated skills such as machine learning and predictive modeling or scenario planning and optimization.”

Public and private sector organizations have found benefits in applying cyber analytics ranging from improving their annual assessments to identifying risks more quickly to knowing what type of tool to buy that will make the biggest impact on their cyber protections.

Chawda said answering the questions around tools is become more critical as agencies are becoming overwhelmed by the sheer number they are using.

“Companies need to define a well-rounded set of high-level dashboards to meet their objectives and collect cyber data in a matrix [approach] because it’s cross functional. To get the complete security posture, you need to bring data across all the components inside your environment and from third party providers,” he said. “After defining a set of matrix, we need a continuous monitoring approach that can be standardized around the collection, curation and processing of cyber related data, which helps baseline the performance from a historical perspective and benchmark that risk indicator against other agencies or other companies. In this way, organizations can get an early warning, when observing abnormal behavior or drastic fluctuations within the data. Leadership can obtain the cyber risk picture through this mechanism in real time or on an impromptu basis, rather than waiting for the annual assessment report to come out or even, at best, on a periodic basis.”

Chawda offered one example where KPMG worked with a large client to apply a machine learning-based approach to detect command and control servers.

“Attackers use command and control servers to maintain communications with the compromised system. With this automated data pipelines and machine learning algorithm, it saved them months from having to manually scan 1000s of domains. We were able to identify more than 50 previously unknown detections, that existing rules couldn’t blacklist. This helped optimize the security analysts’ performance and prevented potential breach,” he said.

For the most part, public and private sector organizations already are using data to drive cyber decisions.

Chawda said many organizations, however, can be better organized by creating a strategy that outlines a roadmap, sets data standards and baseline metrics and defines risk indicators.

“Once that energy is being channelized in that focused area, it can drive results very quickly. Once that is done, meaning after the matrix program is maturing, the next step is to leverage advanced analytics to solve agency’s most urgent business problems in securing the systems and infrastructure,” he said. “This phase will continue to build upon the data pipeline and insights from the prior steps. By following an iterative machine learning model development approach, with feature engineering, model training, model governance, model deployment and prediction. Fortunately, the advent of big data and the compute capacity and capability in advance of governance, governments and companies now have ways to counteract cyber attacks.”

Defining Cyber Analytics

Companies need to make efforts and define a well-rounded set of high level dashboards to meet their objectives and collect cyber data in the matrix because it's cross functional. To get the complete security posture, you need to bring data across all the components inside your environment and from third party providers.

Viral Chawda

Principal, Head of AI, Analytics and Engineering, Government Sector, KPMG

Recommendations for Agencies Using Cyber Analytics

Behavioral analytics allow agencies to flag suspicious emails or badge check-ins or downloads or access to unauthorized sites and assets or even attempted access to those sites and assets. It helps us in identifying deviations from pattern of normal and expected behavior, whether that's web traffic for those employees or contractors while browsing the network, or the network package content across the servers. So that's how AI is able to play an increasing the critical role in preventing, detecting and remediating cyber threats.

Viral Chawda

Principal, Head of AI, Analytics and Engineering, Government Sector, KPMG

Listen to the full show: 

The post Creating, deploying the right analytics drives better cyber protections first appeared on Federal News Network.

The move to remote working didn’t impact the bureau. Employees already were used to teleworking to some extent and HRSA had expanded its underlying technology infrastructure before COVID-19 to handle large numbers of remote workers.

Congress, through the CARES Act and other bills, gave HRSA funding for hospitals and healthcare providers to help with the response to COVID-19 and to help cover lost revenue attributable to the outbreak.

Adriane Burton, the chief information officer at HRSA, said the grant programs quickly looked to her office for help in getting the money out the door.

“We had to stand up that program very quickly. What we did is we implemented a contractor owned, contractor operated model. But we also had to complement that service with some of the platform-as-a-service offerings as well to support the Provider Relief Fund,” Burton said on Modernizing Government: How employees can thrive in this hybrid work environment sponsored by KPMG. “Another program that we received was standing up the telehealth.hhs.gov, which was a new site to support HHS and its response to COVID.”

She said the expediting of handing out grant money quickly became an IT issue.

HRSA typically takes 90-to-120 days to distribute grants, but through modernized processes and technology, they reduced that time to as little as five days.

“What we did is we held daily meetings with all those key stakeholders. We learned each time that we disbursed grants for different parts of the organization and we were able to reuse some of those processes,” she said. “We also automated, using some scripts to try to make it easier for folks. We basically save 1000s of hours and reduced grantee burden to actually receive the award. We reduced the time, for instance, for issuing funding memos and various other internal activities. We were really proud of the work that we did.”

Burton said the contractor-owned, contractor-operated model wasn’t necessarily new for HRSA. It just let them bring capabilities to the program areas faster.

“Why build a system when you can use a system that already exists? I mean, that’s one of the foundations for the Federal IT Acquisition Reform Act (FITARA),” she said. “What we did is we actually contracted out that service. We complemented with other services, such as Salesforce for our Performance Reporting System, as well as our case management system. We use Salesforce for our contact center, but we didn’t use it for things such as case management and performance reporting before, so we’re really excited about using that technology and starting to integrate that and some of the other technologies that we have in place, as well as we implemented DocuSign. We were using that for our onboarding process to make it easier as for folks to sign off on all the forms electronically.”

Burton said the experience of rolling out technologies to get grants out the door faster or using electronic signatures will make it hard to back to the old processes and expectations.

A good example that success is the telehealth.hhs.gov website. HRSA already put some of the technology pieces to support site and just had to modify them to meet the needs of the new portal.

“We have our find that health center tool where citizens can go and they could find our health centers that provided COVID testing, as well as telehealth services. Then more recently, HRSA has been involved with the vaccination program, so we’ve updated our tools to reflect some of the new services that we do provide,” she said. “The health center site had geospatial capabilities and we were able to leverage that software for the website.”

Reflections on Remote Work

My staff has been working with program folks to figure out ways to expedite the disbursement of the grants. So typically the grant cycle takes anywhere from 90 to a 120 days. What we did is that we were able to reduce that initially to 18 days for the first round the COVID grants, and then we reduced it to 12 days. Then finally we reduced it to five days. So there's been a lot of activity from an IT perspective and support of the programs.

Adriane Burton

Chief Information Officer, Health Resources and Services Administration, Department of Health and Human Services

Current Workflow Capabilities

I think the whole idea of building systems from scratch as opposed to using something that has the foundational capabilities and then you just add to that and customize it to your environment is going to be key moving forward. People are getting used to things happening at record speed so I think long term will be interesting to see to see how that plays out in regards to rolling out capabilities. I think the doors definitely open for that movement, so it'll be interesting to see how things continue down that path.

Adriane Burton

Chief Information Officer, Health Resources and Services Administration, Department of Health and Human Services

Listen to the full show:

The post HHS’s HRSA transformed to expedite COVID grant funding first appeared on Federal News Network.

Intelligent Automation Trends

Many of these automation platforms are starting to integrate other more advanced capabilities. For example, some of the low-code platforms, many of whom are already in production at federal agencies are starting to incorporate robotics process automation (RPA) inherently in their platforms. The other things that the RPA vendors are doing is they're starting to enable application programming interfaces (APIs) to more advanced artificial intelligence and machine learning solutions within their platform. So it makes it much simpler for a government agency who's implementing one of these platforms to tap into what I'll call democratized AI.

Kirke Everson

Principal & Government Intelligent Automation Leader, KPMG

Low-Code Platforms and Intelligent Automation

These [low-code] platforms allow you to stand up new capability in a matter of, and I will dare to say days versus months. One example was we worked with a large federal agency who had agency employees all over the world, and when the pandemic first hit, there was a big concern about the safety of their employees overseas. We actually helped within a matter of days stand up a capability within a low-code platform to start to track where those employees were the process of getting those employees back to the country and making sure that they were safe.

Kirke Everson

Principal & Government Intelligent Automation Leader, KPMG

A recent report from the Robotics Process Automation Community of Practice in the government highlights the impact of this technology over the last few years.

In 2020 alone, the report says RPA program maturity increased significantly with the number of automations deployed across the government increasing by 110% and the number of annualized hours of capacity created increasing by 195%. Last year agencies deployed 460 automations, which is expected to save more than 848,000 hours.

The paper says this growth demonstrates that programs have matured and increased their functional capacity, which meant automation tools became more impactful and therefore increased the demand for these software solutions.

Overwhelmingly, the CFO office is using automation to save time, some 49% of all implementations came from that group. But acquisition, administrative and IT were all in the double digits, showing how success travels.

Kirke Everson, a principal and government intelligent automation leader at KPMG, said a lot of agencies are still in the early stages of applying intelligent automation to their business processes.

“Some of the trends that we’re seeing are agencies are less inclined to just to do, one or two proofs of concept to prove out the technology. Now that they know it works, a lot of agencies are looking to others for lessons learned and implementing RPA programs that are a little bit more robust. And by robust, I mean, more enterprisewide,” Everson said on the Modern Government: Emerging Trends in Intelligent Automation in a Time of Rapid Change show sponsored by KPMG. “I think agencies are looking beyond RPA as well. The whole idea of hyper automation is starting to come into the vernacular of a lot of agencies. What I mean by hyper automation is RPA is definitely a stepping stone to artificial intelligence (AI).”

These advanced capabilities using AI and machine learning can only happen if agencies create a structure to manage the processes and data.

“Many of these automation platforms are starting to integrate other more advanced capabilities. For example, some of the low-code platforms, many of whom are already in production at federal agencies are starting to incorporate robotics process automation (RPA) inherently in their platforms,” Everson said. “The other things that the RPA vendors are doing is they’re starting to enable application programming interfaces (APIs) to more advanced artificial intelligence and machine learning solutions within their platform. So it makes it much simpler for a government agency who’s implementing one of these platforms to tap into what I’ll call democratized AI.”

Everson said an important step to democratizing AI is to make sure employees understand the technology and processes, but they don’t have to be experts.

“With these APIs, I can pull in a very quick machine learning algorithm just based upon what’s already been pre-determined from the vendor and allow, for example, natural language processing of a contract. I can pull in a natural language processing algorithm to read a document and extract certain things from that document, without leaving the low code or the platform,” he said. “These [low-code] platforms allow you to stand up new capability in a matter of, and I will dare to say days versus months. One example was we worked with a large federal agency who had agency employees all over the world, and when the pandemic first hit, there was a big concern about the safety of their employees overseas. We actually helped within a matter of days stand up a capability within a low-code platform to start to track where those employees were the process of getting those employees back to the country and making sure that they were safe.”

Everson added the 2020 memo from the Office of Management and Budget saying bots are non-person entities when it comes to identity management, and agencies can continue to take advantage of intelligent automation as they move more systems and data to the cloud.

“A lot of agencies recognize that developing these capabilities from scratch isn’t the most efficient way to do it. A lot of the large cloud providers are allowing agencies to tap into these capabilities as part of their infrastructure solutions. So if you want to pull in a machine learning algorithm that’s going to do something for you, you can actually pull that directly from, for lack of a better term, an API store, it’s very much been kind of parsed out,” he said. “For certain capabilities, you can use those capabilities by the drink, get the license cost every time you hit that API pay the fee. And it’s a very minor fee. What’s happening is all these things are starting to converge, where you’ve got the infrastructure, the cloud providers, allowing you access to some of these more advanced capabilities through APIs. You’re also having the low code vendors implementing some of these API’s to access some of those capabilities. Then you’ve got also the RPA providers implementing low code and an API into their platform, so there’s this convergence among the software-as-a-service, infrastructure-as-a-service and platform-as-a-service to basically give the customer choices. So there’s really no need to develop these standalone machine learning algorithms unless it’s for a very specific purpose, that may have a mission need.”

The post Low-code platforms, APIs democratizing intelligent automation first appeared on Federal News Network.

State of Supply Chain Security

I think now [supply chain risk] is a topic that has transitioned from esoteric to exoteric as it's more accessible to the public. COVID has made supply chain a dinner table conversation topic, so it's a combination of organizations learning more about third party risk and operational risk, and realizing the consequences of not attending to that risk could be devastating.

Joyce Corell

Assistant Director, Supply Chain and Cyber Directorate, National Counterintelligence and Security Center, Office of the Director of National Intelligence

Using Data to Identify Risk

There's so much information out there that's publicly available, not always for free, but publicly available information from organizations that are very adept at pulling information together for commercial due diligence. I'm really pleased at how this technology has changed. In the last five years, all of these firms are now actually looking at how to apply machine learning and train their AI systems to get at a more exquisite understanding of the data that they have access to. So that's really going to be the wave of the future, being able to tune those systems to get answers to the questions that we want.

Joyce Corell

Assistant Director, Supply Chain and Cyber Directorate, National Counterintelligence and Security Center, Office of the Director of National Intelligence

The old adage “trust but verify” is taking on new meaning with the ever-increasing focus on supply chain risk management.

From the Cybersecurity Maturity Model Certification (CMMC) program to Section 889 and the banning of certain Chinese made telecommunications products, agencies and vendors alike must do more than just say they are doing enough to protect their supply chains.

That means organizations must rely on data to prove the trustworthiness of the supply chain. That data can provide insights into everything from foreign ownership to insider threats to chain of custody.

The challenge of depending on data is how deal with the volume of information and deciding what is most valuable. That is why agencies and companies are applying analytical tools and machine learning algorithms to identify potential risks.

Joyce Corell, the assistant director for supply chain and cyber directorate at the National Counterintelligence and Security Center in the Office of the Director of National Intelligence (ODNI), said over the last three or four years, public and private sector organizations, and Congress have grasped more than ever the threats brought on by the global supply chain.

“I think now [supply chain risk] is a topic that has transitioned from esoteric to exoteric as it’s more accessible to the public.  COVID has made supply chain a dinner table conversation topic, so it’s a combination of organizations learning more about third party risk and operational risk, and realizing the consequences of not attending to that risk could be devastating,” Corell said during the Modern Government: Supply Chain Risk and Security show sponsored by KPMG. “I view this threat from a counterintelligence perspective, not so much about counterfeits in our supply chain, but rather an adversary using a company as a threat vector. That might be a company which might be complicit or not and it’s being used as a threat vector. What kind of untoward level of influence an adversary government may have is certainly a concern.”

One of the best ways to deal with the growing threat is by understanding the data. The challenge for agencies, and industry, is just how much data is available.

“There’s so much information out there that’s publicly available, not always for free, but publicly available information from organizations that are very adept at pulling information together for commercial due diligence,” Corell said. “I’m really pleased at how this technology has changed. In the last five years, all of these firms are now actually looking at how to apply machine learning and train their AI systems to get at a more exquisite understanding of the data that they have access to. So that’s really going to be the wave of the future, being able to tune those systems to get answers to the questions that we want.”

She added that the data help point users in a direction, but may not answer all the risk questions.

“These tools applied to commercially available data really point you in a direction to say, either, here’s a gap where you don’t have information, do you care, does that matter to you from a risk perspective, or, hey, here’s some data that shows that risk is trending up, or risk is trending down,” Corell said. “Those are the kind of tools that help inform your decision analysis. So that is just where I think the government broadly should go. What the government really needs is some type of commercial due diligence service as a shared service for government agencies. There’ll be organizations that are very under resourced and are not going to be able to afford the data that would help them in their decision analysis.”

The Federal Acquisition Security Council and others in government are trying to address these challenges and raise awareness about the value of information sharing.

“One of the things that that we’re doing under the Federal Acquisition Security Council is standardizing how that research is done so that there is rigor and integrity behind it,” she said. “We’re also looking at all the other regulatory regimes that have a supply chain nexus to ensure that we’re harmonizing the factors that we look at, as well as the criteria we use to evaluate what factors in what combination make us think the risk is high, medium, or low.”

Along with the FASC, Corell said there are several other supply chain related efforts, including the DNI is establishing a task force to standardize information sharing of counterintelligence risk information in the supply chain environment, and share that standardize it across the entire acquisition community of the government, and the Commerce Department working with telecommunications companies to develop an information sharing process.

“We’ve already launched work with this venue and that is the mechanism by which we are going to have move forward with a fully coordinated intelligence community position,” she said. “The statutes also required some elements that are not in the intelligence community to participate GSA, OMB’s Office of Federal Procurement Policy and a couple of others. That is a mechanism that we’re going to be able to use to drive the standardization of information sharing.”

The post ODNI shows how to modernize, protect the supply chain first appeared on Federal News Network.

Strategic Imperatives for CIOs

I really see five strategic imperatives for CIOs. The first is manage IT as a business. Funds are always required for big transformations. But yet, when you look at it, roughly 80% of federal IT spend goes to O&M. The other thing is making sure that you have accurate and good cost information for your services and products. Technology Business Management certainly can help in that area. Procurement, spend optimization to include licensing and rationalizing applications, freeing up funds for modernization. I think moving as much on-premise work to commercial cloud environments as you can is a good business investment. And then really take a look at her look at managed services. Everything is a service that's being offered out there.

Joseph Klimavicz

Managing Director, Federal CIO Advisory Practice, KPMG

Security and Agility in the Multi-Cloud Environment

Modernization does not equate to transformation. So I love all the talk about modernization. But transformation is actually more valuable than just modernization. Some of the other trends are data optimization and virtualization. We collect a lot of data in the government, but maybe only use it once. And then it is stored someplace, but nobody ever knows it exists, so we have to minimize dark data. Another trend is rapid software development, low code, no code, micro-services, artificial intelligence and machine learning. We have to lower the barrier to entry to bring products in. There's a lot of training that has to go into bringing real artificial intelligence.

Joseph Klimavicz

Managing Director, Federal CIO Advisory Practice, KPMG

Agency chief information officers face shifting priorities today more than ever before amid the coronavirus pandemic.

These technology executives are realizing the importance of not just IT modernization, but all the pieces to make these efforts success such as cloud, hybrid cloud, application rationalization and the use of the technology business management framework to better understand cost structures of IT.

Joe Klimavicz, the managing director of the federal CIO advisory practice at KPMG and the former Justice Department CIO, said five strategic imperatives emerged for technology leaders over the past few years.

They are:

• Manage IT as a business
• Automate, scale and embrace new technology
• Simplify IT for a consistent user experience
• Protect the environment, but maintain agility
• Leverage data as a strategic asset

“I think digital leaders are certainly investing heavily in the cloud. But lift-and-shift today is not enough. We need to think about the opportunities there. There’s the rehosting or lifting shifting model. There’s refactoring, which is minimal alteration of the application for the cloud. There’s rearchitecting. And that’s taking these monolithic applications that maybe have been around for 20 or 30 years, and rearchitecting them using microservices and containerizing them,” Klimavicz said on the Modern Government: How COVID-19 Changed the Course of Digital Transformation show sponsored by KPMG. “You can rebuild, essentially write new code as a cloud native application, and then replace with a more nimble solution. Clearly, lifting and shifting gets you saving. You can save you a lot of money, but it doesn’t give you the performance increase that you really need. So my take would be re architecting at the very least, or rebuilding.”

Klimavicz said getting the architecture and infrastructure right will open the door to achieving the goals under these imperatives.

“You want to build that trust into it as safeguards and as much as you can. I think you need to take a holistic view of risk, but understand that security in the cloud is a shared responsibility,” he said. “There’s obviously the cloud service provider, there’s also the mission owner and the cloud reseller. There’s the app developer, there’s the network and there’s the security operation center, that’s actually going to monitor 24/7 your workloads that are running in the cloud. I think the environment needs to be architected, implemented and operated with all the regulatory requirements in mind.”

Additionally as employees continue to work remotely, CIOs must take security capabilities like zero trust and identity and access management, end point and mobile application security and other similar concepts into account because the network perimeter is expanding, or even going away altogether.

“As you go to zero trust, you need a plan. For me, zero trust includes strong identity management, that’s very important,” he said. “You do to be able to collect the data at scale, across your entire cloud, in your on-premise environment. You need to collect it across users, applications, devices, infrastructure, software, defined networks are key for zero trust, and then advanced analytics to protect those assets and data and services. And you also need to build a cyber aware culture.”

Over the last six months or so during the coronavirus pandemic, many agencies accelerated these security and cloud initiatives. Now, Klimavicz said, agencies need to think about digital transformation, not just IT modernization.

“Modernization does not equate to transformation. So I love all the talk about modernization. But transformation is actually more valuable than just modernization,” he said. “Some of the other trends are data optimization and virtualization. We collect a lot of data in the government, but maybe only use it once. And then it is stored someplace, but nobody ever knows it exists, so we have to minimize dark data. Another trend is rapid software development, low code, no code, micro-services, artificial intelligence and machine learning. We have to lower the barrier to entry to bring products in. There’s a lot of training that has to go into bringing real artificial intelligence.”

Klimavicz said digital transformation success will come if applications are rationalized and in the cloud, and the workforce has the skillsets to deliver services.

“If you can pay extra attention to the workforce and take care of the workforce, and I extend that to the industry workforce as well, they’ll take care of you,” he said. “There’s a lot of accelerators, connectors that are already built out there, try to take advantage of them. Don’t reinvent the wheel, because if you can leverage what somebody else has already done, they will save you a lot of time in that modernization effort.”

The post 5 imperatives to digital transformation first appeared on Federal News Network.

DLA's Application Modernization Strategy

We’ve baked cybersecurity into how we do [IT modernization] within DLA. You mentioned some Dev/Sec/Ops models and things of that nature. It's all part of the modernization journey to where you're using software-as-a-service, low code, no code. But as you use low code, no code, you want to do it within a Dev/Sec/Ops model. So that cybersecurity is thought of through the development testing, as well as deployment phases. For us, within DLA, with the number of applications we have, setting up this Dev/Sec/Ops factory allows us to really more efficiently control our costs, when you have a bunch of system integrators coming into your agency, they all have their own flavor of tools they like to use.

Adarryl Roberts

Program Executive Officer, Defense Logistics Agency

Workforce Tools and Challenges to Application Modernization

We’re not talking about applications anymore within DLA. We really are talking about business capability needs. We’re shifting from managing applications to managing by business capability area. What’s the mission and function that you're providing? What's the business capability you need to perform that mission? And then from a technology perspective, it doesn't matter if it’s an IBM product or a Microsoft product or a SAP or Oracle product, what’s the capability that you need to utilize, and we provide that.

Adarryl Roberts

Program Executive Officer, Defense Logistics Agency

When it comes to technology and digital services, speed is often mentioned right after security.

The faster an agency, or any organization for that matter, can deliver new capabilities, the better it can meet customer needs.

This is why the buzz around the use of low code or no code platforms has grown over the past years. Now it’s a part of the Dev/Sec/Ops and agile discussion.

Adarryl Roberts, the program executive officer at the Defense Logistics Agency, said the agency has been on a modernization journey for much of the past few years. At one point, DLA had more than 1,300 systems and 194 applications, and it was challenging, to say the least, to manage and secure them.

DLA kicked off its application modernization strategy by releasing a request for information in 2019 and eventually awarded a contract in September to take advantage a cloud platform for its enterprise resource planning (ERP) system.

“We really want to reduce the amount of infrastructure that we’re sustaining and leverage as much commercially viable products as we can,” Roberts said during a discussion sponsored by KPMG. “One of the other major efforts we have is called the warehouse modernization system (WMS) effort, that’s also migrating our distribution piece to SAP standard software. And it’s going to combine our ERP, where our financial and other integrated business applications live, with our warehouse modernization efforts so that we have one ERP instance, as we rationalize and create a platform for our customers.”

Part of this modernization effort is the use of low code, no code platforms. Roberts said DLA recently made an award to ServiceNow to use their software-as-a-service platform to modernize applications.

“We’re leveraging the ServiceNow platform to get productivity efficiencies for our workforce, as well as move some of the ability to bring technical solutions to the employee themselves. So we call them citizen technologists here and DLA digital citizens,” he said. “How do we provide these low code, easy to enable platforms to the customer? We’re developing that concept here. How do we create citizen technologists, so that as a logistician, with a little bit of training, can actually create some low code acquisition or workflow products, while we maintain oversight from a cybersecurity and sustainment perspective? So we’re using low code and the ServiceNow platform as a baseline.”

Before DLA can open up the low code, no code platform, Roberts said it has to get the underlying architecture correct. This means ensuring cybersecurity is “baked in” from the beginning through the Dev/Sec/Ops methodology and

“[A]s you use low code, no code, you want to do it within a Dev/Sec/Ops model. So that cybersecurity is thought of through the development testing, as well as deployment phases,” he said. “For us, within DLA, with the number of applications we have, setting up this Dev/Sec/Ops factory allows us to really more efficiently control our costs, when you have a bunch of system integrators coming into your agency, they all have their own flavor of tools they like to use.”

Roberts said this approach will reduce DLA’s cyber risks and ensure standardization across the agency.

“We’re really leaning upon governance, a partnership with our functional community. And we’re not really labeling this as just an IT modernization, but this is an agency modernization based on reviewing our business processes, as well as other aspects of the business and DLA,” he said. “I think at DLA, as well as other agencies, people have begun to realize IT is not a nice to have anymore, it’s actually the business, it’s part of the business, no one can conduct business without it. We’re really trying to change the culture and make sure we’re looking at this from a lifecycle management perspective, as opposed to a legacy system discussion and a modernization discussion.”

One way DLA is doing that is through changing the discussion from applications to business needs.

Roberts said the questions that the IT department is asking focuses more on business capabilities needed to meet mission instead of technology requirements.

“[F]rom a technology perspective, it doesn’t matter if it’s an IBM product or a Microsoft product or a SAP or Oracle product, what’s the capability that you need to utilize, and we provide that,” he said. “If we focus the user and ourselves on what capability or function tasks you need to perform, and we show them how they’re able to do that more efficiently, that’s only going to help in terms of cost savings, and by removing duplicative capabilities across the enterprise. So that’s a driving factor in terms of what we’re looking at here. Where do we have duplicate of technology, not because we actually need it, but because people weren’t aware of what was in the inventory and how we could leverage it? We are going to see some immediate savings just from an IT perspective, moving to these commercial cloud environments, leveraging more commercial applications versus government developed products. But then we’re also going to start seeing productivity increases efficiencies across the functional workspace as well.”

The post DLA’s application modernization focused on business needs, not technology requirements first appeared on Federal News Network.

This transformation effort includes a host of initiatives from enterprise IT-as-a-service to workforce training to the use of zero trust principles and identity and access management to secure data.

Lauren Knausenberger, the deputy chief information officer of the Air Force, said each of these initiatives are moving the service forward and toward a better future, but it was the coronavirus pandemic that in many ways added fuel to the fire.

“A lot of our airmen in the field know things are broken and are trying to do things on the move. A lot of us back in the Pentagon, we have [IT] teams. We have devices that work. If a senior ranking official says something is wrong, it gets fixed fast,” Knausenberger said on the Modern Government: How COVID-19 Changed the Course of Digital Transformation show sponsored by KPMG. “But we have to make it equal to everyone and the coronavirus made it equal for everyone. Everyone was at home trying to figure out how to make this work. Everyone realized that those airmen who have been saying for years that it really stinks was an understatement when we are not in the building trying to do our job.”

Knausenberger said a perfect example of making it equal was in connecting to the network through a virtual private network (VPN). She said the Air Force went from 7,000 people a day to having to support upwards of 650,000 people a day.

“We were not poised for telework, but we had incredible team. We told the IT team this is your time on the front lines, you have to get everyone up fast, act like you have money. Those guys went out and got us up to 400,000 VPN connections. They got us down from 40 hops to send an email, which is ridiculous, to 8 hops so you can send emails so much faster than we used to. They cut through some of the legacy because we said this is your mission, go do it and we will fund you right now,” she said. “That level of focus and that level of culture change I don’t think anything would have done this for us short of a war. COVID is the crisis that we need to drive forward the digital transformation and we are trying not to let the crisis go to waste.”

Going forward, Knausenberger said her priorities include continuing to build the digital foundation that things like Cloud One, Platform One and artificial intelligence can rely on. She said the Air Force also is testing a zero trust architecture, investing in Digital University, where 9,000 airmen are enrolled to gain the IT skillsets needed in a digital Air Force, and is ruthlessly attacking manual processes and policies, anything in their way of going fast and costing them money.

“We are launching operation flamethrower. We are burning these things with fire and they have no place in our Air Force anymore,” she said. “One of the big things we just kicked off is robotics process automation. We had our digital wingman challenge in the spring where airmen came up with some incredible ideas. We had folks automating their executive functions where they had to go to multipole databases and put them in PowerPoint. They are completely automating that. Any type of standard report, they are automating that. Sometimes when they have to reenter things in multiple systems, they are automating that too. With that, I’m looking forward to in the short term really enabling more airmen. We’ve invested more in RPA. Even more exiting, we will be able to use the data to see exactly how much time we are wasting with crazy process and crazy software. That will help us focus our spend on what parts of the software apparatus we need to fix permanently.”

Current Air Force Modernization Efforts

[The IT team] got us down from 40 hops to send an email, which is ridiculous, to 8 hops so you can send emails so much faster than we used to. They cut through some of the legacy because we said this is your mission, go do it and we will fund you right now. That level of focus and that level of culture change I don’t think anything would have done this for us short of a war.

Lauren Knausenberger

Deputy Chief Information Officer, Air Force

2021 Goals and Initiatives

We are going to ruthlessly attack manual processes, policies or hardware, anything that is in our way of going fast, especially if it’s in our way of going fast and especially if it is costing us money and slowing us down. We are launching operation flamethrower. We are burning these things with fire and they have no place in our Air Force anymore. One of the big things we just kicked off is robotics process automation.

Lauren Knausenberger

Deputy Chief Information Officer, Air Force

Listen to the full show:

The post The urgency of COVID accelerated the Air Force’s IT modernization first appeared on Federal News Network.