It has been a slow few weeks toward the end of the summer and into early fall around personnel changes in the federal IT community after a busy summer that saw three long-time chief information officers leave their roles.

Let’s recap the summer changes: Beth Killoran moved to a new role in at the Department of Health and Human Services and Sylvia Burns took a new role at the Federal Deposit Insurance Corporation from the Interior Department. Pam Dyson left the Securities and Exchange Commission after eight years for a new job at the Federal Reserve Bank of New York.

Joining the trail of IT executives changing roles is Robert Leahy, the deputy CIO at the Office of Personnel Management.

Leahy returned to the IRS after spending the last almost two years with OPM, according to a post on Twitter by former OPM Director Jeff Pon on Oct. 2. Pon either resigned or was fired just three days later.

Leahy worked for the IRS for 26 years before joining OPM in January 2017 to lead the development of the agency’s IT risk management function and CIO strategic plan. He served for a short time as the acting CIO of OPM as well.

He also managed the OCIO’s budget and contracting functions that managed nearly $500 million.

It’s unclear what Leahy will do in his return to the IRS. During his time with the tax agency, Leahy was the associate CIO for strategy and planning, director of enterprise technology implementation and chief in the Office of Compliance Analytics.

Over at the U.S. Citizenship and Immigration Service, Deputy CIO Keith Jones retired, according to a posting on LinkedIn.

Jones has been deputy CIO since 2012 and worked at DHS since 2006 and has more than 36 years of federal service.

A few other IT executives are moving to new roles.

Paul Tibbits received a promotion executive director of the Electronic Health Record Modernization Integration at the Veterans Affairs Department.

Tibbits moves into the new role after spending the last 11 years in the VA CIO’s office. Tibbits was the program executive officer for Financial Management Business Transformation since April 2017, and before that he served in various deputy CIO roles.

He replaces Genevieve Morris, who unexpectedly left in August after coming over on detail from the Office of the National Coordinator for Health IT.

In his new role, Tibbits takes over the OEHRM, which VA created in June to manage the preparation, deployment and maintenance of its new electronic health-care record system and the health information technology (IT) tools.

VA and the Defense Department are working closely on this electronic health record implementation and Tibbits brings more than 28 years of experience working for the military.

Finally, Kevin Youel Page, the former deputy commissioner of the Federal Acquisition Service at the General Services Administration who left in 2017, decided to join Deloitte and end his time as an independent consultant.

At Deloitte, Youel Page is a special executive focusing on shared services and service delivery transformation.

Youel Page started Onetegrity with former FAS Commissioner Tom Sharpe in July 2017. Sharpe continues to run the company, according to his LinkedIn page.

Read more of the Reporter’s Notebook

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The decision by the Office of Management and Budget to name the Department of Housing and Urban Development as the next agency to use the Centers of Excellence (CoE) approach to modernize is both not surprising and a huge risk.

HUD has been trying to move to a new contracting approach to modernize its technology infrastructure for the better part of the last three years. It current contract, named HUD HITS — a $1 billion award made in 2005 to Lockheed Martin and Hewlett-Packard to run its infrastructure under a managed services contract — is now three years past its initial expiration date, providing the true definition of operations and maintenance.

And as one industry source told me several years ago, HUD remains a tough place to work because the ingrained culture at the agency continues to frustrate senior executives and the management support to change the culture also comes in waves.

So putting the spotlight on HUD under the CoE initiative means OMB and the General Services Administration is betting big on the top-level support that previous chief information officers didn’t have enough of over the last decade.

David Chow is HUD’s new CIO, coming over from the National Credit Union Administration about six weeks ago. He walks into the agency with a laundry list of priorities, at the top of which are the CoE initiatives and the application modernization project for which HUD received an extra $20 million from the Technology Modernization Fund (TMF).

Chow is the second CIO for HUD over the last year, replacing Johnson Joy, who resigned in March after only nine months.

“There has been a lack of consistency at the Office of the CIO’s level. There have been constant changes at the CIO leadership level. Each CIO comes in with a vision and it doesn’t translate to a long-term roadmap. That has been consistently an issue within the organization,” Chow said in an interview with Federal News Radio. “What the CoEs does a little differently here is we are actually having the business lead the overall effort. So let’s say one day if I’m not here, there’s still the roadmap that we are developing the foundation to be put in place. The CIO is actually interchangeable because once we have the roadmap, we can have other people help to execute the overall solution. This is part of the reason we are taking this initiative a little differently.”

The recognition by OMB that past IT modernization efforts at HUD led by Jerry Williams, the CIO from 2009 to 2013, and Rafael Diaz, the CIO from 2014-2017, failed to make a difference is why HUD is the perfect second agency to use the CoE approach. The Agriculture Department kicked off the CoE initiative in December 2017.

HUD’s challenges are as far as they are wide. Just take a look at what the Government Accountability Office reported in 2017, HUD would spend about 87 percent of its IT budget on operations and maintenance (O&M). This was actually good news considering HUD spent 95 percent, 92 percent and 94 percent on O&M during 2014, 2015 and 2016, respectively. Final data for 2017 and 2018 was unavailable.

During his tenure, Williams focused on improving HUD’s overall project management efforts as well as improving the CIO’s oversight of IT spending. Diaz picked up on some of what Williams did and focused on creating a more accurate view of the agency’s architecture. He wanted to do away with shadow IT and take control of IT investment planning.

Without a doubt, the efforts by Williams and Diaz made some progress. The Federal IT Dashboard shows 57 percent of all HUD IT projects are using iterative or agile development methodologies, while 79 percent of all IT investments are on time and on budget.

Chow said like many agencies HUD continues to struggle in two key areas: IT projects are not delivering capabilities quickly enough and there is a lack of strategic plan to meet mission goals.

“The CoEs are a great opportunity to make sure that we are engaging the business using the General Services Administration’s proven methodology to go through the assessment and really having the business leading the initial effort under Phase 1 to look at the business processes that could be convoluted and creating difficulties for the public to use, or also internally that it’s not providing the necessary benefits from an IT standpoint,” Chow said. “Phase 1 of the initiative is to have the business look at the overall process from the business aspect and what do we need to improve upon, and then translate that into IT requirements that in phase 2 we are looking to build out.”

Chow said this approach is much different because the CIO and program managers are not dictating the overall solutions.

HUD will take a similar, but different approach to that of the Agriculture Department, which moved into the second phase of  the CoE effort earlier this summer.

Chow said HUD and GSA signed the interagency agreement last week to kick-off phase one, which will be a 6-to-8 month effort with a planned completion date by March 31.

Then, HUD will move to phase 2, which over the following 18 months will implement the plans developed under the initial planning stage.

In the meantime, HUD is holding an IT industry day led by its Office of Small and Disadvantage Business Utilization (OSDBU) later this fall where Chow plans to talk about his vision and roadmap.

Phase 1 efforts will look across five areas:

• Business process reengineering with a specific focus on the customer experience around the lifecycle of grants;
• Cloud adoption for those associated business processes;
• Data analytics to ensure the data is a high enough quality using business intelligence and artificial intelligence capabilities to help leaders make better decisions;
• Transformational changes to the CIO’s office, where the task force will address human resource challenges and oversight of IT spending;
• Contact center where the task force will focus on customer experience when citizens interact with HUD around the status of grants or other transactions as well as look at different ways to present information consistently.

Chow said GSA is committed to helping out under phase 1, but it’s unclear the direction HUD will go for phase 2 right now.

“We have this convoluted way where each office has its own grant process. At the same time, there are a number of systems in place and there is not a good way of managing the grant process through applications, which is causing confusion to the public and causing unnecessary burden on the public,” he said. “Under the secretary’s OneHUD initiative, we want to bring everyone together to look at the 80 percent solution from the business process standpoint. We want to reengineer our current grant lifecycle process to that 80 percent solution. Then for the other 20 percent, we are looking to configure a tailored solution for each of the office’s needs.”

Chow said that 80 percent solution also will help HUD focus on the data using AI and other emerging technologies based on the risks to the agency, which, in turn, will help save the analysts time to review and process grant applications.

As HUD moves into phase 1 of the CoE effort and uses the money it received under the TMF, Chow said there are several short term goals to create confidence in this latest effort across the agency.

“I want to make sure we have transparency with our project management. I want to elevate our project managers. I want to make sure I welcome people to poke into our projects and ask necessary questions. I want to partner with program offices and stakeholders to make sure they have a critical seat at the table,” he said. “It’s not going to be me that is setting out the direction of the IT, but it’s going to be a collective effort working with the program office to make sure our IT investments aligns to the overall HUD objectives. It’s not for me to go out there and tell them what technology we want to us, or toy we want to buy. This should be a collective effort with the program office.”

Let’s hope the CoE approach combined with OMB and agency leadership support finally moves HUD into the 21^st century with its mission systems as we’ve seen enough fits and starts over the last decade.

Read more of the Reporter’s Notebook

Chalk up a win for the “little guys” under the $50 billion Enterprise Infrastructure Solutions (EIS) telecommunications contract.

Granite, one of the six new vendors on the governmentwide contract run by the General Services Administration, realized the first big win on EIS, coming out on top of a bid protest by convincing the Labor Department to change its “winner-take-all” strategy for its network modernization effort.

Labor told the Government Accountability Office it would take corrective action by re-releasing its fair opportunity solicitation under EIS. With this notice from Labor, GAO dismissed Granite’s protest on Sept. 25.

“Give Labor credit. In my view, they looked the protest and said, ‘Yes, the way this is structured, we unintentionally have eliminated some of the new players and created situation where we might not get the best opportunity for the government,” said Sam Kline, general manager for Granite Government Solutions, in an interview with Federal News Radio. “They said they will go and change it. I thought this was going to be a long drawn out process and I think they realized this was best thing for the department and for the government because more competition is a good thing. They will get better prices and services.”

Granite filed the first bid protest of an EIS solicitation Aug. 27 alleging the request for quotes penalized any offeror that doesn’t already have all the required services on its contract, thus favoring the incumbents of the Networx contract and eliminating many of the new vendors from competition.

Multiple emails to Labor seeking comment on the EIS decision were not returned.

Kline said as part of Granite’s protest filings, it offered an idea for a new approach Labor could take to open up the competitive landscape.

“We have suggested a different grouping that may make sense. I’m not sure how they will change it, but I think they understand the logic behind different grouping and will do something that allows for more competition,” Kline said. “We suggested grouping all voice services, all data service and all wireless services would be more logical groupings. Some of the more difficult security services that the new folks wouldn’t have easy access to could be separated out.”

Granite’s win is important for several reasons.

First, several other agencies, including the Justice Department and the Social Security Administration were taking similar “winner-take-all” approaches to EIS. So when these and other agencies see Labor’s decision to rethink its approach, they should pause before releasing their solicitations.

Without knowing the specific reasons behind Labor’s decision, one can only guess that after reviewing the initial filings of the bid protest, the government’s lawyers likely felt they would lose the protest and it was just quicker to pull back and update the RFQ strategy.

Second, Granite, Met-Tel, Core Technologies, MicroTech, Harris, and BT Federal need to compete on a level playing field to make any inroads into the federal telecommunications sector that is stocked with 25-year incumbents. This protest win is a step toward keeping the competition fair.

And third, Labor’s decision also reemphasizes the Office of Management and Budget’s goal of EIS—to modernize agency networks and infrastructure. Labor can use this pause to reconsider its modernization strategy.

“We hope agencies want the same thing as Labor, which is good competition and great services,” Kline said. “There are more competitors with the new players who are a little smaller, more limber and hopefully we will be in the mix. Hopefully, agencies which are waiting a little bit to release their RFPs will see this and it will give them some direction.”

Granite and other EIS vendors are expecting a busy winter around EIS. As of July 31, only 10 civilian agencies — eight large and two small — have released at least one fair opportunity solicitation under EIS.

The American Council for Technology and Industry Advisory Council (ACT-IAC) released two white papers and a report from its June EIS Network Modernization Summit.

From the summit, the report highlighted five big ideas:

1. Go big, and when in doubt, go bigger. There is tremendous change capacity under EIS and chances are your plans will change before you finish.  (Tim Quinn, Department of Interior)

2. If you are not prepared to manage it, you are not prepared to transition it. (Gary Wall, Coastal Communications Consulting Group)
3. There is no end to this journey. Be willing to change plans. (Suzette Kent, OMB)
4. Modernizing and being late is still preferred to not modernizing and being on time. (Margie Graves, OMB)
5. Get everyone on board – business, financial, and IT resources should all be focused on the same objective. (Crystal Philcox, GSA)

The two white papers focus on developing high quality proposals and alternatives to the “full service option” GSA used to offer under the old telecommunications contracts.

Read more of the Reporter’s Notebook

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

In about a week, the Office of Federal Procurement Policy will have been without a permanent leader for two years. That’s 720 days without a Senate confirmed, presidentially appointed executive to lead administration acquisition reform and deregulation priorities.

And Lesley Field, the deputy OFPP administrator, will become the longest serving OFPP administrator ever, racking up more than 4.25 years as acting administrator over the last 10 years.

Field, who became OFPP deputy administrator in July 2008, has been acting four times during her tenure. The first was in September 2008 when Paul Dennett stepped down, and then three more times, including since October 2016 when Anne Rung left for Amazon Business.

While Field is no longer technically acting administrator as the 210-day limit under the Federal Vacancies Act kicked in months ago, she is considered by almost everyone in the acquisition community still to be the leader of OFPP.

Meanwhile, the White House has not nominated anyone to be the OFPP administrator and it’s unclear when a candidate will emerge. Several sources confirmed four potential candidates didn’t make it through the vetting process over the last two years, and the one qualified executive that would’ve made it through the process, Emily Murphy, ended up running the General Services Administration.

“[The Office of Management and Budget]’s Deputy Director for Management Margaret Weichert was just recently confirmed in February of 2018 and is working to build out her team and find the right person to lead OFPP,” OMB spokesman Jacob Wood said in an email to Federal News Radio. “Because of the great work Lesley Field, Mathew Blum, and the OFPP team do in the absence of a Senate-confirmed OFPP administrator, it has afforded Ms. Weichert the ability to selectively search for a quality caliber candidate to help drive the procurement policies laid out in the President’s Management Agenda.”

So all of this begs several questions: Does the government even need an OFPP administrator anymore? And if not, would Congress even consider changing the position from one that is Senate confirmed to one that is just presidentially appointed?

Or if so, why can’t the administration find someone to take the position?

“I would support making OFPP administrator a career position,” said Rob Burton, a former deputy OFPP administrator and now an attorney with Crowell & Moring. “Historically political appointees don’t stay longer than about two years, and that becomes a drain on office resources to prepare for confirmation hearings and new appointees. There is an enormous amount of work going into that.”

But Burton, like other current and former acquisition executives, say while Field and the OFPP staff are among the best in government, not having a permanent OFPP administrator is problematic in specific instances.

“We are at a point in time when you could really make some significant changes to the way our federal government buys, but you have to have someone at the political level to lead that,” said Angela Styles, a former OFPP administrator during the administrator of former President George W. Bush. “You have industry, Congress, the Defense Department and really everyone understands the need to simplify the acquisition system and make it easier to access technology and commercial products and services. But there is not one person leading the effort. For at least right now, that is the most significant problem.”

This is true for many of the Trump administration’s priorities ranging from IT modernization to category management to federal spending transparency to improving the management of major acquisitions. Styles also said the Section 809 panel will be making recommendations in the coming year around acquisition reforms. The OFPP  administrator normally would be leading the decision process of which reforms to implement.

While Field, Blum and others in OFPP are quite capable to lead these efforts, Styles, Burton and other experts say having a political appointee in place would make a huge difference in the success of these initiatives.

“It’s the gravitas and being in the room,” said Styles, who now is a partner with Bracewell. “Lesley and staff are incredible, but you have to have somebody who is comfortable leading in that role. Only a political appointee who is confirmed will have enough gravitas to be in the room to get the okay from OMB Director Mick Mulvaney. Otherwise, it’s hard for Lesley and OFPP staff to make decisions when leading any priority. That is why we are not really seeing anything new out of OFPP. That’s not Lesley’s job. Her job is to tend the house.”

Burton added it’s well-known and widely recognized that it’s easier to promote aggressive agenda with political appointees in OFPP because there is more of a tendency for politicals to want to deal with politicals.

At the same time, the case for not having a permanent OFPP leader any longer is getting easier to make.

A current federal acquisition official, who requested anonymity because they didn’t get permission to talk to the press, said because the acquisition community respects and admires Field and OFPP career staff so much, progress is being made.

“I think from a procurement perspective when we bring issues to her, they do get addressed. Does Lesley have the ear of all politicals? I’m not always sure,” the official said. “I’m not sure she can or is willing to escalate certain issues that may be political bombs up there. But that being said, we haven’t had anything come up in the last 15 years where the world would fall apart in procurement.”

The official said the federal acquisition system is one of the more mature areas of government so the process to change whether around the President’s Management Agenda or from new laws is well known and understood.

“Lesley has the ability to push back, but has to be more graceful and know how to push back,” the source said. “You want people sitting in the agencies to help to push back against a bad idea. A lot of us raise issues to our political leadership if they have the clout to whisper back in OMB’s ears. She has been able to slow things down and have them rethink certain things because she is well admired and successful. What I like about what we do is it’s not political so it’s easier to talk common sense and impact. There is not a lot of politics surrounding what we do so that helps us have the ability for her to have good fact-based conversation.”

But others say not having a permanent OFPP administrator is slowing down the one way to change the acquisition process: regulations. From Jan. 20 to Dec. 31, 2017 only one final rule came out under the Federal Acquisition Regulations. And this year hasn’t been much better with 52 open FAR cases as of Sept. 14 and only 12 final rules.

Without an OFPP administrator and with Weichert’s focus must be on the big picture issues,  there isn’t anyone in OMB ensuring the Trump administration’s deregulation effort is moving forward.

Additionally, sources say agencies are considering deviations to the FAR instead of proposing new rules because there is little confidence that new rules would happen anytime soon.

“It’s important to have someone who can clearly define what our path for acquisition is in regards to other elements of OMB’s priorities, like IT modernization,” the federal official said. “I’m not sure if Lesley carries the clout or has ability to push the envelope. It’s not good to have someone in there with an acting title. It implies that they are not the final decision maker. But if you have to have someone, Lesley is good and the right person to have as acting.”

But nearly all the experts say having Field continuing to act is better than bringing in an under qualified or unqualified appointee. Additionally, experts say with Murphy leading GSA the administration may not be in a hurry to name a permanent OFPP administrator.

“The fact that Emily has a strong background in acquisition, is a political appointee and in a position to influence governmentwide policy, maybe there is a lot of communications between GSA and OFPP and that is filling the void,” Burton said. “The relationship between OFPP and the GSA administrator may mitigate the fact there isn’t political arm at OFPP.”

There are many who believe the lack of a permanent OFPP administrator is a symptom of a bigger problem that every administration seems to have when they take office.

“One day someone will wake up and realize that procurement is really a critical piece. They brush it off as always being late or slow or because of the FAR. But they are not thinking about the fact that we are heroes in fixing the problem. If you don’t have a good contract in place, you can’t get anything done,” the federal official said.

Read more of the Reporter’s Notebook

The White House rolled out a new cyber strategy for the first time in 15 years.

While most of the coverage of the National Cyber Strategy focused on the Trump administration’s decision to roll back Presidential Policy Directive-20 and give the Defense Department and the intelligence community more flexibility and authority to conduct offensive cyber operations, John Bolton, the national security adviser, said the real goal of the unclassified and classified versions of the strategy was to deter adversaries from attacking the government, critical infrastructures and businesses, while also preparing for the future.

“The strategy directs the federal government to take action that ensures long-term improvements to cybersecurity for all Americans,” Bolton said, during a Sept. 20 press briefing. “Recognizing that cyber must be integrated into other elements of national power, the strategy is structured around the four pillars of the National Security Strategy.  Each of the four pillars includes a number of focus areas with associated priority actions to secure and preserve cyberspace.”

The reaction to the strategy was decidedly mixed.

Rep. Mike McCaul (R-Texas), chairman of the Homeland Security Committee, said in a statement, “This strategy will help better combat malicious cyber acts from foreign adversaries like Russia, China, Iran, and North Korea. I have consistently said we must call out our enemies, send a strong message that we will respond when attacked, and ensure there are real consequences if we are.”

While Rep. Jim Langevin (D-R.I.), co-founder and co-chair of the Congressional Cybersecurity Caucus and a senior member of the Committees on Armed Services and Homeland Security, said in a statement: “While I appreciate that the Trump National Cyber Strategy is in line with the bipartisan progress that has been made over the past two decades, it does not go far enough in accelerating the reforms that need to be made. Cybersecurity is the national and economic security challenge of the 21st Century, and it deserves a whole-of-government treatment. Unfortunately, the strategy is largely a restatement of recommendations that have carried through the last several administrations.”

Industry reaction was mostly vanilla too. Many experts congratulated the White House on the strategy update and for taking a harder stance to call out and respond to cyber attacks from nation states.

For our purposes, let’s just focus on the areas where federal agencies and contractors will be impacted the most.

Here are four items from the strategy that you need to know about:

More aggressive oversight of contractor systems

While there is little new or interesting under Pillar One of the strategy, which focuses on securing federal networks and data, the section around vendors stands out. The strategy states:

“Going forward, the federal government will be able to assess the security of its data by reviewing contractor risk management practices and adequately testing, hunting, sensoring, and responding to incidents on contractor systems. Contracts with federal departments and agencies will be drafted to authorize such activities for the purpose of improving cybersecurity.”

This is, by far, the most aggressive stance the government has taken with contractors who host federal data on their networks.

And it comes after reports found Russian hackers exploited small and large defense contractors under an attack called “Fancy Bear.”

The government has for years tried to work with contractors to protect federal data. In 2013, the Defense Department required vendors to meet National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 regulations to safeguard controlled unclassified information by Dec. 31, 2017.

The Office of Management and  Budget also released similar guidance aimed at vendors in 2015.

But based on what the Trump administration is seeing, a more aggressive stance now is expected.

Read between the federal workforce lines

The clamor for more and better trained cybersecurity workers is never ending in both the public and private sectors. Agencies have an even tougher time as few have anything more than direct hire authority to attract workers with this expertise.

This is why the Homeland Security Department’s new personnel readiness system combined with its authority to pay cyber workers 20-to-25 percent more is a major reason why the administration is looking to change how cybersecurity workers are managed.

“[T]he administration will explore appropriate options to establish distributed cybersecurity personnel under the management of DHS to oversee the  development, management, and deployment of cybersecurity personnel across federal departments and agencies with the exception of DoD and the IC. The administration will promote appropriate financial compensation for the United States Government workforce, as well as unique training and operational opportunities to effectively recruit and retain critical cybersecurity talent in light of the competitive private sector environment.”

To understand this concept more, check out the administration’s reorganization plan where it highlights cybersecurity workers as completing the identification of gaps in the cyber workforce and creating new programs to help fill them.

Securing the federal supply chain

Over the last two years, the focus on better securing the federal government’s technology supply chain has turned up several notches. The strategy highlights the need to better integrate the supply chain risk management into the acquisition process. Some agencies such as the National Nuclear Security Administration and the Defense Logistics Agency are out ahead of most agencies.

“This includes ensuring better information sharing among departments and agencies to improve awareness of supply chain threats and reduce duplicative supply chain activities within the United States government, including by creating a supply chain risk assessment shared service. It also includes addressing deficiencies in the federal acquisition system, such as providing more streamlined authorities to exclude risky vendors, products, and services when justified. This effort will be synchronized with efforts to manage supply chain risk in the nation’s infrastructure.”

DHS launched supply chain initiative earlier this year, released a request for information in August seeking to establish a business due diligence capability. Responses to the RFI are due Oct. 19.

All of this is part of the pre-planning to create this shared service and address the deficiencies in agency supply chain programs.

 Legislative actions in the short term

Among the biggest holes in current federal law is the computer crime statutes that are severely lacking and hampering the FBI and other law enforcement agencies.

The 1984 Computer Fraud and Abuse Act has been updated six times over the last 24 years, but many experts believe the current state of laws are well behind the times.

“The administration will work with the Congress to update electronic surveillance and computer crime statutes to enhance law enforcement’s capabilities to lawfully gather necessary evidence of criminal activity, disrupt criminal infrastructure through civil injunctions, and impose appropriate consequences upon malicious cyber actors.”

The goal now is to convince Congress that changing the law is both necessary and among their top priorities.

Read more of the Reporter’s Notebook

Few would argue that among the most frustrating of all the cybersecurity requirements agencies must adhere to is the Trusted Internet Connections (TIC) initiative.

While maybe some vendors will tell agency chief information officers meeting the requirements under TIC isn’t difficult, it would be hard to find an agency CIO who agrees.

This is why so many CIOs are waiting with bated breath for the Office of Management and Budget to finalize new TIC policy and requirements.

Be sure it’s coming as Federal CIO Suzette Kent said the TIC policy is one of several updates expected in the coming weeks.

Before we jump into what this new policy may look like, let’s go back in time. OMB launched TIC in 2007 around the concept of reducing the number of internet access points and then putting advanced software tools to monitor traffic coming in to and going out of agency networks.

But a lot has changed in federal technology over the past 11 years and many say the old policy is causing more problems than it’s solving, including making the full adoption of cloud services much more difficult than it needs to be.

“The goal of TIC was simple, but it was about network as the boundary,” said Susie Adams, CTO of Microsoft federal, in an interview. “Now the network isn’t the boundary anymore so what are you trying to protect against? Clearly there are legacy systems that need to be protected against threats on the internet, but when it comes to cloud the edge really moves. There is no edge anymore. If you connect to multiple clouds like most are today, how will they manage that environment? That is the real problem and TIC wasn’t built to address that problem.”

Adams said as TIC merges into the Homeland Security Department’s continuous diagnostics and mitigation (CDM) program, agencies are struggling to follow best practices where they focus on the application layer and use machine learning and artificial intelligence to monitor potential and real threats.

DHS and OMB recognized this problem and kicked off several pilots for how TIC could be upgraded.

SBA pilots new approach to TIC

The Small Business Administration was one of those agencies and recently finished its test and sent the results to OMB.

Sanjay Gupta, the SBA CTO, said at a recent cyber event sponsored by FCW, that the 90-day pilot fully integrated with CDM tools to meet the requirements of the policy but without the challenges that usually come with TIC, such as latency and complexity.

“We have out of the box functionality and when we demonstrate it to DHS, they were impressed that we have full visibility into our network,” Gupta said. “Our goal was to improve the cyber posture of SBA. We have one set of tools that oversee our entire IT environment.”

Guy Cavallo, the SBA deputy CIO, said the agency took cloud security tools to look at on premise and cloud network services.

“We are not matching control by control of the current on-premise TIC or CDM requirements,” he said. “We are getting alerts when people sign in from weird places or other potential threats.”

Cavallo said SBA also has to manage fewer tools, which means fewer things to patch and using 100 percent of the functionality of each tool instead of 5 percent-to-10 percent functionality of 30 tools.

Gupta said SBA has provided details of its TIC pilot to about 30 agencies where 300-to-400 people have seen their demonstrations.

While Cavallo and Gupta couldn’t offer to many more details about SBA pilot as they are waiting for OMB’s final comments, Microsoft issued a blog in June that captures more than enough basics to understand the pilot.

“SBA is using modern tools through the Azure security center. These are cloud tools to gather analytics that look at the metadata. We can tell if a user’s identity has been compromised, we can flag it and the ask administrator to look at it. They can then ask the person to reset their password,” Adams said. “There are modern ways to look at the hygiene of systems, making sure they are patched and looking at it from digital state perspective. This is true if you are managing across multiple clouds. SBA is using modern technology to get more in-depth telemetry. The current TIC is only looking at net flow data, but through the pilot SBA has all kinds of data. It takes a lot more than TIC to manage on-premise and cloud assets. SBA took a real different approach to doing that.”

Energy, Justice find alternate approaches

Along with SBA, the Energy and Justice departments are taking on the challenge of the current TIC requirements.

Like SBA, Energy was a pilot agency. Max Everett, the Energy CIO, said he has been working with OMB and DHS to improve the TIC process especially as it relates to cloud services.

“We just wrapped up the first round of a pilot for cloud email where we were  looking at different options,” he said at the recent Tech Trends conference sponsored by the Professional Services Council. “We need security, but need to move forward with cloud and mobility so the TIC model and architecture has to change.”

Joe Klimavicz, the Justice CIO, said his agency moved to two TIC stacks and identical configurations for cloud services, one for Azure and one for Amazon Web Services.

“We have deployed a unique solution so our cloud is optimized under TIC. We go through the complete security stack and create a super highway to get to Internet providers,” Klimavicz said at the Tech Trends event. “We have a limited stack of security controls if we go to Azure or AWS where we know solutions are secure on the other end. There is no latency and you get some visibility into the traffic, which is great, but you don’t create any bottlenecks.”

Klimavicz said Justice is making it as fast and convenient as possible to get to the cloud services.

“The thing that a lot of folks are thinking about is having the cloud providers pick up a lot of the security controls,” he said. “It works great for the bigger players like Google, Amazon and Microsoft. But we want to be sure we can get to all the cloud service provider. We have over two dozen cloud service partners in Justice, and for the smaller ones, it’s a big burden to ask them to provide the security services. We like where we are right now.”

Beyond the new OMB policy that is expected “soon,” the work by SBA, Energy, Justice and others are changing how security experts think about cloud services.

Jim Quinn, the lead system engineer for the CDM program at DHS, said at the FCW event, the SBA’s success shifted their mindset around how to integrate cloud and CDM.

“Under TIC, we are trying to figure out how we are providing a shared network service as we face challenge of dealing with cloud. We became much less prescriptive with the DEFEND task orders,” he said.

Microsoft’s Adams said she expects the new TIC policy to be less prescriptive than the previous policy, and for OMB to rely more on the tools from CDM.

Now that Kent said the policy is imminent, relief from TIC for agencies can only be good news.

Read more of the Reporter’s Notebook

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

When it comes to the Trump administration’s priority to reskill or upskill the federal workforce, the best place to start in understanding the uphill challenge is with the numbers.

A Federal News Radio special report in May found more than 45 percent of the federal workforce is more than 50 years old and 25 percent of them are more than 55 years old. Conversely, just six percent of feds are under 30 years old.

But numbers, as is usually the case, don’t tell the entire story.

Nearly every job in the public and private sectors tries to answer the continuous question of how to evolve as new technology impacts the routine and complex parts of your day.

Basically what this means is agencies — and let me emphasize the private sector as well — have hundreds of thousands of employees who will need new skills or will need to change the way they do work over the next three to five years.

“Our data analysis found that 1.3 billion out of 4.3 billion hours could be freed up in the federal workforce by automating manual tasks. That is a lot of potential hours that could be moved from lower value to higher value activities,” said Bill Eggers, the director of public sector research for Deloitte Service. “A good portion of these higher value activities might require a certain amount of reskilling/upskilling. If you assume about 2,087 hours worked per federal employee annually, then you see a large number of employees (in the hundreds of thousands) could eventually require some updating of their skills as they move to higher value activities and under-resourced jobs like cybersecurity and data science. But that’s no different than nearly every organization, public or private, as we enter this new age of work.”

In the President’s Management Agenda, the administration estimates based on 2016 data that 45 percent of all work could be automated and 5 percent of all occupations could be automated entirely.

Now the reason why this workforce discussion is coming up today is the Office of Management and Budget had another one of their “secret” no press allowed events — well, except for one member of the media who moderated a panel in the morning, but that’s for a different story — where they wanted to discuss potential solutions to this ongoing workforce challenge.

Unlike the no-press-allowed event held a few weeks ago around the Technology Modernization Fund, OMB, to their credit, provided some details and background on the discussion points.

An OMB spokesman said the symposium brought in “leading industry experts from around the country to participate in a day-long working session to share best practices and identify concrete next steps for action. Leveraging representatives from diverse organizations with deep, cross-functional expertise in human resource issues, we hope to gain policy ideas and also identify capabilities to help modernize a Federal Workforce for the 21st Century.”

But I decided to go a bit further and talk to people who actually attended the morning and afternoon sessions. All participants spoke on the condition of anonymity because OMB asked the event be “on background.”

OMB held nonpartisan discussions

Overall, the five people I spoke with all were complementary and enthusiastic about the sessions. All said the tenor and tone of the conversations were nonpartisan and focused on learning and sharing. The day-long event seemed also to be part of OMB’s preparation to launch the Government Effectiveness Advanced Research (GEAR) Center in 2019.

“Everyone is dealing with [the] same challenges around their workforces. There is a lot of anxiety in the workforce around artificial intelligence and robotics so how do we engage employees in that process so they don’t have a negative reaction to the technology?” said one industry source. “How can we partner with them to better understand how to make work more productive? They want to move up value change and technology can help, but if they are not engaged in the process, there is a risk that they may not adopt and embrace the technology like they should.”

Another industry official added the emerging technologies, employee expectations and cost pressures are driving these changes.

“There is so much the government needs to do especially when you consider the size of federal workforce has remained constant or has been declining over the last few decades while the size of the government in terms of what it does has grown significantly,” said the official. “In order to enable government workers to address their mission imperatives, technology can help in a constrained workforce environment to free up time. That’s where reskilling and upskilling comes up, and that was much more the tenor of discussion.”

OMB brought in speakers from Willis Towers Watson, a global advisory firm focusing on risk management and human resources, the International Brotherhood of Electrical Workers (IBEW), Amazon Web Services and even someone from California Governor Jerry Brown’s office, according to the day’s agenda obtained by Federal News Radio and attendees who spoke to us.

What seemed to be missing, besides the press, were the federal employee unions. We know the relationship between the administration, the American Federation of Government Employees, the National Treasury Employees Union, the National Federation of Federal Employees and others is not good. But these changes will not happen unless the administration works closely with the employees unions. That may have been one part of the day which OMB overlooked.

The morning sessions were mostly one-way discussions with the assorted panelists laying out the challenges and/or describing some ongoing industry efforts to address workforce challenges, participants said.

The afternoon breakout sessions were much more interactive and focused on three main areas: Reskilling the workforce, talent management, and performance and compensation. Participants said OMB expects to issue a report from the event in a few months.

“One good takeaway from the private sector was around the performance appraisal process and the need to separate it from the feedback process,” said another industry source. “Right now, the government does both once or twice a year. But the industry speakers said there is need to separate the feedback and make it an ongoing and regular part of the discussions. By doing the feedback and appraisal at same time, it doesn’t do justice for the organization.”

Federal pay flexibility exists

Another key takeaway was the flexibility agencies have around compensation, the industry source said.

“Once you realize the limitations of the Title V structure, there are more interesting things that you can do, like pay demonstrations,” the source said. “When was last time OPM approved a pay demonstration? It was probably 15 years ago. So promoting more experimentation in that space was discussed. If you have the authority, why not use it?”

Another participant said part of the discussion reskilling or upskilling employees focused on balancing all the different needs of the workforce, the taxpayer and the administration.

“This is a really important conversation,” the source said. “There is a lot of sensitivities around the perception that this all will lead to a reduction in force (RIFs). This is a good topic to talk about and not one previous administrations gave a lot of attention too. I was impressed by the questions [OMB deputy director for management] Margaret Wiechert and [OPM Director] Jeff Pon are asking.”

Around performance management, the source said several previous administrations unsuccessfully tried to address this issue.

“One of the more interesting inputs from the commercial sector was instead of using the typical federal employee rating structure where you are too focused on the rating of 1-to-5, maybe a better way would be to use pass/fail. Then, you can discuss things the employee is doing well or things they need to improve on,” said the source. “You also can communicate early in a person’s career if people are on a leadership track, what it looks like and what performance characteristics they should strive for.  There were a lot of questions around the grading system and what are the pros and cons of it.”

Another participant said during the breakout session, the group recognized agencies don’t have credible performance management data, which makes it harder to address workforce issues because performance management is linked directly to having a talent management and not a compensation strategy.

“It was a healthy conversation especially since all sectors are going through this at the same time,” the participant said. “The government doesn’t know some of that basic workforce information so jumping to reskill hundreds of thousands of people comes back to what skills are needed. You have to understand the plans and strategies for how to make progress on objectives and goals before you can decide what you are changing.”

Read more of the Reporter’s Notebook

Larry Prior, the former CEO of CSRA, recently described the excitement around the Defense Department’s Joint Enterprise Defense Infrastructure (JEDI) contract like watching a “battle of the titans” square off and is leading to “high drama” across the federal market.

But what Prior didn’t answer—maybe on purpose—is why do so many contractors care about the $10 billion cloud contract?

Which led me to ask several other industry experts a similar question: Why is there so much angst over JEDI?

Now I know, it’s worth $10 billion. But really it’s ONLY a ceiling of $10 billion over 10 years so at most DoD will spend $1 billion a year. How many contract vehicles actually reach or come near the estimated ceiling? Few, if any.

Add to that the fact Deputy Secretary of Defense Pat Shanahan said JEDI would account for only 15-to-20 percent of all DoD cloud spending. That means 75-to-80 percent still is up for grabs. You can follow the bouncing cloud RFP ball to the Defense Information System Agency’s $8.8 billion Defense Enterprise Operations Solutions (DEOS) contract, to the Air Force’s Enterprise-as-a-service plans, to the Navy’s Next Generation Enterprise Network (NGEN) and so on. Bloomberg Government found recently that DoD will spend about $2 billion on cloud services in fiscal 2018 and that figure only will grow in 2019 and beyond.

Taking all of this together, the military will spend billions of dollars on cloud services over the next decade and there will be plenty to go around. Right? That seems to be the pragmatic and logical conclusion?

Well, not so fast say several industry experts.

“Any time you have a contract that is potentially that large in such a competitive market where the perception is ‘winner take all,’ that causes angst to begin with. And most contracts like JEDI are multiple award so anything that could be market limiting would cause angst,” said Stan Soloway, a former Defense acquisition executive, and now president of Celero Strategies. “The perception is that JEDI is the tip of the cloud iceberg. I believe based on conversations I’ve had, JEDI represents the first step toward an alternative DoD cloud policy where they want to ride the commercial cloud.”

Soloway said companies are nervous if DoD is riding a commercial cloud wave and it doesn’t include them.

Contractors marking their territory

Ok, so change is hard for contractors?

Well, not exactly said Ray Bjorklund, the president of Birchgrove Consulting and a former DoD acquisition official.

Bjorklund, who worked on and sees similarities with the Defense Information Systems Network (DISN) procurement in the late 1990s, said for many vendors it’s a matter of VHS vs. Betamax or Westinghouse vs. Edison Electric where the fight was over alternating current or direct current.

“Cloud is much like a utility with the expectation of instant on, immediate connectivity and certainly in case of JEDI when you look at military operations that are dispersed around the globe, accessibility of information is most valuable,” he said. “DoD is looking for a way to further connect all platforms and applications, and now platforms and apps don’t necessarily talk to each other, but having this one pool of data where all of it can be exchanged, that is a really good notion.”

Bjorklund said even though DoD expects there will be other cloud solutions in the future, JEDI is the initial big one.

“If it’s a single award and it gets traction with users who get comfortable, that single award may lead to increasing proprietary technology and make it more difficult for other cloud vendors to integrate with this cloud and also with the platforms and apps,” he said. “DoD already is establishing some degree of interoperability based on technical specifications for solutions. But to have this uneasiness about long term where there will be increasingly levels of proprietary technology that will be difficult to break without a lot of breakage.”

So, it’s all about being first one in and marking your territory?

Well, given that DoD already has cloud instance from Microsoft, from Google, from Salesforce, IBM and so many others. That can’t be the cause of the angst.

Not so fast says one former DoD official, who requested anonymity because their company still does business with the Pentagon.

The former official said the way the Pentagon and its leadership, including Ellen Lord, the Undersecretary of Defense for acquisition and sustainment, and Chris Lynch, the director of the Defense Digital Service, have talked about their desire to move to a single cloud and that creates angst. The fact that many in industry consider the procurement “wired” to Amazon Web Services is why JEDI is tormenting industry.

“Comments that a single cloud was needed or DoD couldn’t get interoperability, data, machine intelligence caused everyone in industry to be suspicious of this effort from the start,” the former official said. “Many were convinced from the start that the goal from technologists of JEDI has been to get a contract with AWS and get access to their secret region that was funded by intelligence community.”

The former official said the angst continued to increase when the certain specific requirements in the RFP and performance work statement seem to be AWS-centric.

“The requirement to have three copies of your infrastructure is an approach AWS has taken from the beginning. The requirement to have three-way replication so your data is not lost is an AWS feature,” said the former official. “The other one around tactical requirements and the description of capability sounds a lot like Amazon’s snowball capability that it created to move data around and now turned it in to a deployable cloud of sorts. I’m not sure how it can be used to build forward deployed cloud so it has not solved DoD’s problem, but it’s where DoD wants to go.”

Value of JEDI is so high

So then the angst is about not having a level playing field where all vendors can compete equally?

If you read Oracle’s initial pre-solicitation bid protest, one of its major complaints is the anti-competitive nature of the RFP.

But wait one more time. Another industry official, who is following JEDI closely and requested anonymity because their company does business with DoD, said the angst comes down, in part, to the contract being worth $10 billion.

“There is school of thought that this is $10 billion and everyone wants to be part of it. It’s a lot of money. We know today that it’s hard to switch clouds so it’s not like you are in AWS one day and move to Google the next day. The reality of that happening is not strong and you’ve got to have a compelling reason. It’s not easy to switch like cell phones are, and then you have train people in the new cloud too, which will hinder people from switching,” the expert said. “The fact is DoD is being vocal about not wanting a multi-cloud approach is bad. If you look at all experts, multi cloud is the future. There are tools to help manage multi cloud.”

The industry source said it would be hard for Microsoft, Google, Amazon, IBM or any vendor to tell their board of directors they lost out on a $10 billion contract with DoD.

“It’s not a great conversation to have,” the expert said. “And if it is like the CIA Amazon Web Services C2S cloud and everyone else is locked out, that is a bad situation, and why people are nervous.”

So given all of these reasons, industry has pretty good reason for being up in arms over JEDI.

Part of this is DoD’s own fault due to its inability to communicate its real goals for cloud. And part of this is industry’s own idiosyncrasies when it comes to large contracts and needing to be part of every one of them.

The former DoD official said they remember similar angst among contractors during the bidding of the Navy-Marine Corps Intranet, which ended up being more than a $10 billion contract.

“JEDI seems unique. There is so much investment by companies, both spiritual and financial,” the source said. “There is much more of a pre-award information campaign that started last year. Companies believe if they do not get a piece of this, they may be concerned about losing their jobs or leaving the DoD market entirely.”

The official said based on their experience what is most likely to happen JEDI will end up being more for development purposes and less for legacy systems, and then the other programs like DEOS will begin to address the older  applications.

DoD has pushed back the due date for the award and the Oracle protest continues to hang over JEDI so industry will continue to watch this battle of the titans for a few more months and we can watch their angst continue to grow.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The federal cybersecurity landscape is seeing several shifts in terms of the people who manage, oversee and secure federal networks, systems and applications.

First, Tim Ruland, the chief information security officer at the Census Bureau, is retiring on Sept. 27.

Ruland, who has been working part-time at Census over the last few months, will leave after more than 40 years of federal service, including being in the charge of the decennial count’s cybersecurity since 1998.

He said he plans to relax and travel during retirement, but may decide to work part time or contribute to the federal community in another way.

Ruland leaves the Census at a critical time as the bureau prepares for the 2020 count. The Government Accountability Office found that Census, as of June, had reported 3,100 security weaknesses “that need to be addressed in the coming months.”

Census and the Commerce Department, more generally, recognize their cyber challenges. Commerce Chief Information Officer Rod Turk wrote in an Aug. 31 blog post, shortly after the GAO report came out, that the “Census Bureau engages in a multi-stakeholder approach across the Federal government, intelligence community, and industry to implement the best tools to secure their data. The security of the 2020 Decennial Census is strengthened by this cybersecurity partnership and network.”

Ruland also spent 13 years on active duty in the Army where he worked for the Army Security Agency and the Intelligence and Security Command as a linguist and analyst.

“Now for some new adventures with my wife traveling the U.S. on our Harleys and by car, learning how to be a better cook and just enjoying life,” Ruland wrote on a LinkedIn post. “To all I have worked with I enjoyed the opportunities, for those I have met professionally I appreciate your work and have learned something from each and every one of you. So to all, farewell and keep us safe going forward.”

While Ruland joins an ever-growing number of senior executives leaving government, five others found new permanent positions.

Mark Kneidinger, the director of Cybersecurity and Communications Federal Network Resilience Division (FNR) in the Homeland Security Department, will join the new the National Risk Management Center as the deputy director.  DHS named Bob Kolasky to lead the new center in early August.

In an internal newsletter obtained by Federal News Radio, Emily Early, the National Protection and Programs Directorate’s chief of staff, wrote Matt Hartman will serve as acting director of CS&C while Mike Duffy will serve as acting deputy director for FNR.

Kneidinger led FNR since 2015 and has been with the office since 2013.

Before that, he worked for private sector companies including CSC and CACI, and was the CIO for state offices in New York and Virginia.

Hartman has been with DHS since 2010, having spent four years working as acting program manager and deputy program manager of the continuous diagnostics and mitigation (CDM) program.

At the State Department, Lonnie Price gets to finally remove the “acting” title from his business cards and is the permanent deputy assistant secretary and assistant director for the Cyber and Technology Security Directorate, which falls within the Diplomatic Security Service.

State created the new directorate in August 2017 to provide “advanced cyber threat analysis, incident detection and response, cyber investigative support and emerging technology solutions.”

The agency named Price as the new organization’s interim director a year ago. He has been with State since 1987, serving as a security engineer, director of the Countermeasures Division and most recently director of the Office of Security Technology, according to his LinkedIn profile.

New CIOs at GPO, NCUA

The Government Publishing Office and the National Credit Union Administration named new CIOs as well.

GPO announced Sept. 10 it has selected Sam Musa as its new CIO, replacing Tracee Boxley, who left the agency in January. Layton Clay has been the acting CIO since Boxley left.

Musa comes to GPO from after serving as the chief of IT services for the Equal Employment Opportunity Commission (EEOC) for the last 10 years, where he oversaw the help desk, desktop security, training, audio visual/video teleconferencing services, mobile devices and security audits.

Prior to EEOC, Musa served as an information systems security manager at the National Weather Service (NWS) and as an information systems program manager at the FBI.

He also teaches network/cybersecurity courses at the University of Maryland University College. Musa received a Doctorate degree in business administration from the National Graduate School, holds a Master’s Degree in public service from Fort Hays State University and a Master’s Degree in telecommunications from George Mason University.

It took Rob Foster just about a year to become the CIO at NCUA after joining the organization as deputy CIO in August 2017.

NCUA Board Chairman J. Mark McWatters announced Foster’s promotion on Sept. 4.

Foster joined NCUA last year after spending the previous two years as the Department of Navy CIO and also served as the deputy CIO at the Department of Health and Human Services.

Finally, Pamela Wise-Martinez joined the Energy Department’s Energy Information Administration on Sept. 4 as its chief architect. She comes to EIA after spending the last three years being the chief cloud and enterprise architect at the Pension Benefit Guaranty Corporation (PBGC).

This is Wise-Martinez’s second time at Energy. She was NNSA’s chief architect from 2010 to 2013 before moving to the Office of the Director of National Intelligence. She also worked at DHS, the Interior Department and the Securities and Exchange Commission.

The General Services Administration wants its agency and industry customers to know they are listening when it comes to the schedules contracting program.

Not only is the Federal Acquisition Service in the final stages of updating the schedule contracts to make it easier for agencies to buy products and services at the same time, but FAS is planning other major changes for 2019.

Alan Thomas, the commissioner of GSA’s Federal Acquisition Service, said in an exclusive interview, agency customers and industry partners are, in many ways, driving the schedules modernization strategy.

“The schedules program is still a flagship program at GSA. It’s one of the crown jewels in the franchise at the Federal Acquisition Service. We take the health of the schedules program seriously and we are actively promoting it,” he said. “We do a customer satisfaction survey every year. We got more than 13,000 responses this year and they tend to be heavily focused in the general supplies and services portfolio in terms of the users that respond to it. Overall, the results of the survey were pretty heartening. We heard from customers that the value they perceive GSA providing is up year-over-year. One of my favorite measures is when asked if GSA has their best interests, that is up as well, which I think is a good sign.”

Thomas said he’s been to all the regions once and about half a second time to meet with GSA and federal agency customers since he took over as commissioner 14 months ago.

“I got a lot of individual data points with the customers and it’s really gratifying to hear them talk about GSA’s people. That’s the thing they complement the most,” he said. “I get some feedback in terms of room for improvement on processes and systems so things like minimum order quantities and the usability of GSA Advantage are things we bring back and work on across the organization.”

One of those things GSA has been working toward is the change in the schedules program to let agencies combine products and services under one buy. Commonly known as order level materials (OLMs) or other direct costs (ODCs), this modification has been a long time in coming, and has been particularly frustrating for vendors who sell both products and services. Thomas said the impact of this major change will be felt in fiscal 2019. But, Thomas quickly pointed out that vendors and agency buyers can take advantage of the change today.

“There is a contract modification and special item number that vendors will have to get added to their contracts,” he said. “There is training and awareness. We have to make industry aware of it. We have to make our workforce aware of it, and then make the broader acquisition workforce aware of it. This is new and different so we want to make sure we get the guidance and training out.”

GSA to change minimum order requirement?

Another major change is around eliminating minimum purchase thresholds. Thomas said that was another request from agency customers because sometimes you just need to buy one of something and not 10.

“We consistently hear from customers that minimum order quantities often times will lead them to cancel orders,” Thomas said. “We are working with vendors on schedule to try and reduce or in some cases remove those minimum order quantities. Customers may be willing to pay a little more for that unit.”

Overall, Thomas said the health of the schedules is strong. He said GSA expects the schedules program to break even before they reinvest in the business, but will be in the black after investments.

“We are on a trajectory to be at break even at the level when we include our investments hopefully in two years. That’s a goal I’ve set for the organization,” he said. “Schedules spending is pretty steady over the last several years. Some of the volume has moved to governmentwide acquisition contracts and governmentwide multiple award contracts. But from my perspective, I take a portfolio approach and we want to make sure we capture all the spend that’s appropriate and having it placed on the right vehicle. But I’d say schedule spend is steady and from a cost recovery perspective, the program is healthy.”

Thomas said 2019 also is shaping up to bring major changes to the schedules program.

He said FAS is considering consolidating schedules down to one or a smaller set of schedule contracts.

“We have an internal team that is looking at that made up of a cross section of folks from FAS and they eventually will come to a set of options, they will brief up to me and we eventually will take them to [GSA Administrator] Emily [Murphy],” Thomas said. “The impetus behind schedules reform is to make sure the program continues to be healthy and meets the needs of our customers and industry partners. If you are a customer and you are looking to buy through the schedules, from our perspective sometimes it’s a little challenging to think about what schedule should they be buying it off of? Take contact centers, is that an IT purchase off of Schedule 70 or is that a professional services purchase off of 00CORP? I don’t know. I can make an argument for either.”

Thomas said he wants to reduce any potential or real confusion for agency customers as well as lessen the burden on vndors having to manage multiple schedules.

He said the working group should have some recommendations on potential schedule consolidations by the end of 2018 with implementation coming in late 2019 or 2020.

Schedule transparency pilot to launch

Additionally, Thomas said FAS is looking at whether it needs to reduce the number of contractors on the schedules, particularly those who haven’t done any sales in two or more years.

Thomas said many of these changes will need to be vetted and discussed with agency and industry partners before any implementation, which also is part of how FAS is trying to be more customer focused.

Two other major changes coming to the schedules are around transparency and fee adjustments.

Transparency has long been a problem for non-schedule holders. If you can’t see what agencies are buying through request for quotes or task orders, then how can a vendor determine whether or not to get a schedule contract — which can cost tens of thousands of dollars in time and money?

Murphy said in May that FAS would launch an e-Buy pilot in 2019 to provide more transparency into the schedules program.

Thomas said FAS Region 7 and Office of Administrative Services, which handles all the internal procurements for GSA, will take part in the pilot by making the full statement of work available on FedBizOpps.gov after the award is made.

Around the fees of the schedules program, it’s been 15 years since GSA reduced the industrial funding fee to 0.75 percent from 1 percent.

GSA and the Office of Personnel Management in August cut the fee to use the Human Capital and Training Solutions (HCATS) GWAC contract by 60 percent to 0.75 percent from 2 percent.

“We have a group that is looking at pricing [fee structure] across all of our GWACs and schedules. We want clarity and consistency for customers. We don’t want customers making choices for which vehicle to use based on the contract access fee. We want them thinking about what does the statement of work say and what is the appropriate scope of the contract? Then, making the decision based on that. In some sense, harmonizing fees or bringing them more in line with each other and making them more clear and consistent is a good move.”

GSA, VA to collaborate

A final area where GSA is trying to reduce confusion of agency customers and industry partners is around medical supplies.

The Veterans Affairs Department long has run its own medical supplies and services contracts, commonly referred to as schedules, despite GSA also running a similar program for the rest of government.

Thomas said GSA and VA are discussing how the two agencies could improve collaboration across the similar contracts.

He said VA is looking at how it could use some of the technology that GSA uses to manage its schedule program as well as how VA could use GSA’s global supply program to gain more control, visibility and more efficiencies in its micro-purchase spending.

“We are much further down the path [with the global supply program], joint teams have been stood up and projects plans have been put in place. We think in fiscal 2019 you will see some significant spend flow through that requisition channel from VA,” Thomas said.