Russ Roberts, the Transportation Security Administration’s chief information officer, stayed on in federal service a little longer than expected.

Roberts, who announced in December he would leave at the end of the 2021, delayed his retirement for a few months but now is ready to move on.

A TSA spokesman has confirmed that the agency has chosen Yemi Oshinnaiye, the deputy CIO at the U.S. Citizenship and Immigration Services (USCIS), as its new permanent CIO.

Roberts will retire at the end of May and Oshinnaiye will start in early May to ensure there is an easy transition.

Oshinnaiye has been the deputy CIO at USCIS since March 2019, but worked at DHS previously from 2012 to 2017. He went into the private sector for a short stint before returning to USCIS.

During his tenure at USCIS, Oshinnaiye helped lead the effort to consolidate and improve how the agency uses cloud services.

In 2021, USCIS launched an effort called “clean my cloud.”

“There are so many cloud services at some point, we’re going to be a plethora of different clouds integrating and underlying our network. We took a step back and took a look at that and now anytime we move or build a new workload, we’re looking at what’s in the cloud already. That has enabled us to optimize. Now we have this thing where we’re looking at, our CTO called it ‘clean my cloud.’ So we’re looking at it every month. When you put something in cloud, if you haven’t done something to optimize it, we kind of call you out. So we gamified it a little bit,” Oshinnaiye said during a March 2021 panel.

That optimization effort led to savings that USCIS can put into other modernization initiatives.

Oshinnaiye said using virtual machines and automation are some of the ways his office increased the value of technology while reducing complexity and costs.

In coming to TSA, Oshinnaiye inherits a huge organization in the midst of a technology transformation.

Research firm Deltek estimated that TSA’s IT budget request for fiscal 2023 would be $967 million. This is less than the $1 billion IT budget it received in this year, but $161 million more than it received in 2021.

One of TSA’s big requests for 2023 is enterprise cybersecurity. The agency asked for $23.5 million to support 17 employees.

“This funding will enable early detection to dramatically improve the cybersecurity of TSA networks and provide a better ability to protect TSA’s sensitive data,” the DHS budget request stated. “In 2021, TSA investigated 2,412 cases in the calendar year, which subsequently yielded 84 confirmed incidents. A significant number of these cases (over 72%) were sourced from security logging, which captured unauthorized/malicious activity in TSA’s networks. TSA recognizes that to keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, decisive steps are necessary to increase visibility into threats while adopting security best practices for logging and performing threat remediation via enhanced investigation tactics and increased resources. In addition to implementing one of TSA’s key strategic priorities, these funds support requirements described in Executive Order 14028.”

Along with TSA, the Justice Department’s Executive Office for Immigration Review has a new CIO, and a familiar face at that.

Sanjay Gupta joined EOIR in March after more than five years the Small Business Administration’s chief technology officer.

Gupta became at least the fourth former SBA technology executive to move into a larger role over the last 18 months. He joins Guy Cavallo, who is now the CIO at the Office of Personnel Management, Nagesh Rao, who is now the CIO at the Commerce Department’s Bureau of Industry and Security, and of course Maria Roat, the former SBA CIO and recently retired deputy federal CIO, in leaving the agency for bigger opportunities.

Gupta helped lead the SBA’s technology transformation, moving applications and systems to the cloud, testing out leading edge cybersecurity tools and embracing more digital services delivery.

In joining the Executive Office for Immigration Review, Gupta enters an entirely new sector where he will be supporting lawyers and judges who are adjudicating immigration cases. EOIR conducts immigration court proceedings, appellate reviews and administrative hearings.

EOIR’s IT organization has four directorates:

• Chief architect
• Operations services
• Governance, planning and support
• Software development

In case you missed these CIOs on the move

There has been a lot of other agency CIOs coming and going over the last few months. Here are some others that you may have missed.

FEMA CIO Lytwaive Hutchinson is retiring after 41 years of federal service.

Hutchinson joined FEMA in April 2019 after spending her entire career with the Defense Department. She served 21 years in the Army and then spent 17 years working in various senior leadership roles in the DoD CIO’s office.

The CIA named La’Naia Jones as its new CIO and the director of the Information Technology Enterprise (ITE) within the Directorate of Digital Innovation at the CIA in February.

She took over for Juliane Gallina, who moved to a new role in February. Gallina is now the deputy director of the CIA’s Directorate of Digital Innovation. Jones came to the CIA after serving as the deputy CIO at the National Security Agency for the past year. She also served as the deputy CIO of the intelligence community in the Office of the Director of National Intelligence for two years.

Finally also in March, Director of National Intelligence Avril Haines selected Adele Merritt to serve as CIO for the Intelligence Community.

Merritt was most recently program manager at DreamPort, a cyber innovation nonprofit created by U.S. Cyber Command.

Michael Waschull had been acting IC CIO for the past year. Haines said he would stay on as Merritt’s deputy.

Two other job openings

The Office of Justice Programs finally put out the job announcement to fill its vacant CIO position.

Brian McGrath, who had been CIO at OJP for six years, retired in October.

OJP said in its job announcement that the CIO “[h]as full responsibility for the oversight and management of all OCIO functional areas, including enterprise architecture, application development, infrastructure and engineering, cybersecurity, policy and planning and project management. Ensures the implementation of an integrated enterprise through coordination of resources across the agency and collaboration with other components to deliver a fully integrated capability that supports internal and external customers. Develops performance metrics and data to determine goals and decides methods, plans and schedules work, adjusts staffing and procedures to allocate resources, sets and adjusts priority, and assigns work based on priority.”

The application deadline was April 15.

The National Highway Traffic Safety Administration (NHTSA) is looking to hire a chief data officer.

NHTSA outlined seven roles the CDO will fill, including “developing and continually updating a comprehensive data and information product portfolio strategy, and developing and implementing a data services strategy to maximize use of NHTSA data for internal users, including data warehouses, data sets (e.g. MAX data), business intelligence tools, utilizing DOT shared services offerings whenever possible and practical.”

Applications for the position are due by May 5.

Finally, Oki Mek, the former chief artificial intelligence officer and chief technology officer for the Department of Health and Human Services, is back after a short time off.

Mek announced he joined Equideum Health as its chief information security officer. The company says Mek ensures that Equideum Health’s critical infrastructure is protected through cybersecurity capabilities and uses artificial intelligence (AI) and blockchain technologies.

CORRECTION: Treasury, USAID and Labor do not have MGT Act IT-WCF, but have requested authority for the fund in 2023. 

December will mark the fifth anniversary of President Donald Trump signing the Modernizing Government Technology Act into law.

While many in government and industry still love to focus on the Technology Modernization Fund as a big win from that bill, the ability to create IT working capital funds will, over the long term, be former Rep. Will Hurd’s (R-Texas),  Reps. Gerry Connolly’s (D-Va.) and Robin Kelly (D-Ill.) true crowning achievement.

It’s clear today that Hurd, Kelly and Connolly overestimated the appropriators’ enthusiasm for and acceptance of IT WCFs. Only a handful of agencies have been able to convince House and Senate money managers to approve these bank accounts, and most agency CFOs have been reluctant to just set these rainy funds up without prior approval.

And like with most things on Capitol Hill, change comes slowly, but it does come.

The latest example comes in President Joe Biden’s fiscal 2023 budget request to Congress.

The number of IT WCFs is growing, albeit much more slowly than is needed to address $7 billion or more in technical debt across the government.

The Treasury Department is the latest agency to ask lawmakers grant  them the ability to create an IT working capital fund. The agency would like to retain up to 5% of its appropriation to this new bank account and it can remain available until Sept. 30, 2026.

Treasury, at least at the headquarter level, has been a cautious mover to the cloud, and many expect its modernization effort to pick up steam with the impending award of the T-Cloud program, which seeks to establish a Treasurywide set of cloud services through multiple providers.

2 MGT Act working capital funds

There still are only two agencies with specific IT working capital funds using authorities under the MGT Act. The Small Business Administration, which was first, and the Office of Personnel Management  received appropriators’ blessings.

The budget request details how much money, or at least, what percentage they hope to have in their accounts.

Labor, for example, expects to spend its $3 million if it receives approval for a IT WCF this year.

USAID would expects to have up to 5% or $30 million available pulled from six different accounts. The money also will be available for three fiscal years.

OPM and SBA plan to use the IT-WCF authority this year. OPM can save up to 5% of their extra funding into the IT WCF account, and it will be available through Sept. 30, 2026.

SBA said it will retain up to 3% of its funds from two different accounts and it will be available through Sept. 30, 2026.

Other agencies such as the departments of Education and Commerce also have requested IT WCF authority over the years, but haven’t received approval.

HUD, EPA also funding IT modernization

Along with these specific IT WCF, several other agencies also are putting money in existing working capital funds to address IT modernization.

The Department of Housing and Urban Development has an IT fund for “the development, modernization and enhancement of, modifications to, and infrastructure for departmentwide and program-specific information technology systems, for the continuing operation and maintenance of both departmentwide and program-specific information systems, and for program-related maintenance activities…”

HUD said in the budget that it expects to have $382 million, of which $339 million will be available to Sept. 30, 2024 and $43 million will be available through Sept. 30, 2026, which seems to connect back to the MGT Act.

The Environment Protection Agency is taking a similar approach to HUD.

It’s using a working capital fund created in 1997 and the authorities under the MGT Act to modernize IT services, including “agency postage costs, Cincinnati voice services, background investigations and enterprise human resources IT services managed by the Office of Mission Support; financial and administrative systems, employee relocations and a budget formulation system managed by the Office of the Chief Financial Officer; the Agency’s Continuity of Operations (COOP) site managed by the Office of Land and Emergency Management; legal services managed by the Office of General Counsel; regional information technology service and support managed by EPA Region 8; and multimedia and agency servicing contracts managed by the Office of the Administrator.”

EPA expects to have $414 million in the WCF in 2023.

The Department of Homeland Security is dissolving its working capital fund and instead “will transfer funds to the servicing management lines of business for fee-for-service and governmentwide mandated services.” DHS says it still expects to have $139 million in the working capital fund in 2023 as it liquidates pre-existing obligations that occurred against the fund and wind down activities.

Aside from working capital funds, the White House offered mixed support for IT modernization.

Overall IT spending for civilian agencies would rise to $65.8 billion in 2023 from $58.4 billion this year. OPM, SBA and DHS are among the biggest winners with significant increases in funding requests.

Meanwhile, the Office of Management and Budget requested “only” $300 million for the TMF. This is down from $500 million it requested in the 2022 budget. But the lower request comes after Congress zeroed out the TMF in the 2022 omnibus bill, citing needing to spend the remaining $700 million currently in the TMF, most of which came from the American Rescue Plan Act.

“With the continuously evolving IT and cyber landscape, these investments are an important down payment on delivering modern and secure services to the American public, and continued investment in IT will be necessary to ensure the United States meets the accelerated pace of modernization,” OMB wrote in the budget request.

OMB, GSA’s other IT funds to see boost

But two other related IT modernization funds would see boosts in 2023.

OMB’s IT Oversight and Reform Fund (ITOR) asked for $14 million in 2023, up from $12 million. The U.S. Digital Service, which like the TMF benefited from a windfall in the American Rescue Plan Act of $200 million, asked for no new funding.

Congress approved $8 million for the ITOR fund in 2022.

USDS is using the ARPA money to increase its full-time employees to 271 in 2022, up from 161 the year before. It says the larger number of employees will enable “USDS to quickly address technology emergencies, ensure access and equity are integrated into products and processes, and help agencies modernize their systems for long-term stability.”

At the General Services Administration, the administration is seeking a huge increase for Federal Citizen Services Fund to $115.8 million. GSA requested $59.2 million in 2022 and $58.4 million in 2021.

Congress approved $55 million in 2022.

Additionally, GSA’s Office of Governmentwide Policy is seeking a modest increase to $70 million, from $68.7 million that Congress allocated in 2022.

GSA says it also would spend $12 million on the acquisition workforce training fund and $10.9 million would go into a working capital fund to continue the e-rulemaking modernization project.

Beyond the funding requests, OMB also laid out some policy objectives in the budget.

After being fairly quiet over the last two years, OMB re-initiated the concept of shared services.

Along with the Quality Service Management Office efforts at the Cybersecurity and Infrastructure Security Agency (CISA), which were most active over the last few years, OMB says the Grants Management QSMO, led by the Department of Health and Human Services, released its initial marketplace in fiscal 2021, identifying a dozen systems.

“The Grants QSMO is now working to verify that the functionality of these systems is consistent with the agreed to grants standards,” the budget states. “The remaining QSMOs are working to release their marketplaces as soon as possible, potentially as early as fiscal 2023.”

Of course, all of these figures are just that and lawmakers will take this request and do what they will with them. This is why the more agencies who receive permission for the IT-WCF will have a better chance of getting out of technical debt and delivering modern services to citizens and businesses.

Hundreds of small businesses are now in an unenviable position of having to make a tough decision — to bid or not to bid on the Polaris governmentwide acquisition contract.

For those small businesses not in a mentor-protégé joint venture relationship with a large business, they now have to weigh their chances of winning based on a last minute change to the solicitation for this potential 10-year contract with a $10 billion ceiling.

This decision point came because many experts believe the General Services Administration swung the pendulum too far in an effort to give small businesses more opportunities under another massive governmentwide IT contract.

On March 18, GSA released new details under the section for joint ventures and mentor-protégés that removes any requirement for the small business to submit any relevant experience or past performance as part of the bid.

“The [mentor-protégés joint ventures (MP-JV)] with a large business can max out their scores because now you have small businesses competing with multi-billion dollar corporations, and they just can’t win. The MP-JVs can max out almost every category based on the experience of mentors,” said Stephanie Mitchell, co-owner of BD Squared, a bid and proposal consulting firm. “The optics are terrible here. This will be a small business vehicle controlled by large businesses when they already have Alliant 2 and now rolling into Alliant 3. Based on the new information from GSA, they are not evaluating small businesses at all in Polaris, since the information in the bids will mainly come from large businesses.”

Experts question whether Polaris will end up just being a pass-through contract for large businesses given this change as well as the fact GSA is letting small businesses subcontract out as much as 60% of the work on any single task order.

First two Polaris RFPs are out

On Friday, GSA issued the solicitation for the first two pools under Polaris, for small businesses and women-owned small businesses with these changes to the mentor-protégé and joint venture requirements.

The Small Business Administration lists more than 1,500 mentor-protégé teams, though not all of them include a large business mentor.

Brian Friel, also the co-owner of BD Squared, said if the large business mentor can bring all the relevant project and past performance experience, it’s nearly impossible for a non-MP-JV small business to compete for any of the expected 100 spots under the Polaris small business pool.

Mitchell, small business owners and other experts say GSA’s last minute change means that for many companies the bid-no bid decision comes at the expense of months or more of work and tens of thousands of dollars in preparation.

One small business owner, who requested anonymity so as not to potentially anger GSA, said they have spent about $80,000 over the last 12-15 months preparing to bid on Polaris. Now, the owner said, they may not bid because the chances of them winning are so small.

“The MP-JVs will just take over the program,” said one small business owner. “If you look at the structure of the self-scoring system, the mentors will give their protégé’s a leg up based on their references, systems like cost accounting or earned value management and purchasing. If the protégés can get everything from their large business partner, then there is no way a small business can compete on Polaris.”

The small business owner said their proposal is about 95% done and now they must decide what to do next given the new information from GSA.

GSA declined to comment on the last minute changes to the mentor-protégé joint venture requirements. A spokeswoman said the agency doesn’t comment on open solicitations.

Waiting for new GWAC for 3 years

Small businesses have been waiting for Polaris since the Alliant 2 small business GWAC collapsed in June 2020. The ordering period for the Alliant small business GWAC ended in February 2019 so it’s been more than three years since agencies have had a large scale small business GWAC for IT services. Agencies have had more specific small business governmentwide contracts to use such as 8(a) STARS II and III, VETS 2 GWAC and others from organizations like NITAAC.

Experts say the changes in the Polaris solicitation seems like the changes are an over-correction by GSA.

Cy Alba, a partner with PilieroMazza, said there are good arguments for both sides.

On one hand, SBA has been pushing agencies to make sure small businesses have more contracting opportunities as it has seen the growth of “best-in-class” (BIC) contracts and category management.

“As agencies are putting more BICs together and making them bigger so it’s less likely small business can secure an award, SBA has been pushing joint-ventures and mentor-protégés to combat that,” Alba said. “That way the government is less likely to say small businesses can’t do the work and therefore it will be set aside. It’s clear the opportunities for joint ventures and mentor-protégé relationships are growing.”

One the other hand, Alba said what has been lost in this discussion is what about those companies who don’t want to be part of a mentor-protégé, joint venture relationship.

“The law, as it currently stands, doesn’t differentiate between MP-JVs with large businesses versus those with small businesses. They are all eligible small businesses and are in one bucket,” he said. “There is no way to separate that out right now, which is part of the concerns we are seeing with Polaris.”

Too strict of an interpretation?

Alba said GSA’s over-correction may come from the experience the National Institutes of Health IT Acquisition and Assessment Center (NITAAC) with its CIO-SP4 solicitation.

NITAAC issued multiple amendments and lost its only protest over its approach and subsequent changes to JV-MPs.

Friel said it seems like GSA is interpreting the policy in a way that says it’s fine for the small business not to have to bring any past performance or relevant experience to the bid.

But, he said, it doesn’t make sense for a small business vehicle to have bids based on large business experience.

“It seems like GSA is interpreting the policy more strictly and against common sense,” he said. “We believe GSA can require the protégé to bring some experience to the table. Maybe they could establish a minimum number of examples like two out of five.”

The small business owner said the timing of the changes also are problematic. If GSA had changed the MP-JV requirements six or nine months ago, it would’ve given companies more time to establish these agreements.

Alba added on average it takes 105 days to set up a formal mentor-protégé agreement through SBA. Firms can set up a joint venture in a matter of days, but that’s assuming everyone agrees to everything, which is rarely the case.

BD Squared and others have sent letters to GSA and members of Congress seeking help and an explanation for the change. But in the week-plus since GSA issued the change, they haven’t heard anything back from agency officials.

Alba and others say they will be watching for small businesses to file pre-award protests over the terms of the solicitation.

“I do think the way the SBA rules are set up allows for use in JVs and MPs where any member’s experience can count so it leaves it up to an agency’s discretion where they are in that process and how many or what restrictions they want to require,” he said. “SBA doesn’t get into that so then it becomes a question for the Government Accountability Office or the Court of Federal Claims to say if it’s unduly restrictive. GSA may say they are increasing competition, but what’s funny they may be also limiting competition in a de facto sense because now people may not bid because they know their chances of winning are so low.”

Mitchell said vendors have invested a lot of time and money since December 2020 and to have GSA spring this change in the last minute is “crushing” to many small businesses.

And after all the challenges GSA had with Alliant 2 small business and the time and effort they put into developing Polaris, it’s a shame that, once again, last minute changes could throw a wrench into this new effort.

“The inflation crunch is especially severe for government contractors, however, because they have traditionally faced a buyer dominated market in which contract terms and conditions are offered on a take it or leave it basis. Once into the period of performance, government contractors consequently confront a formidable bureaucracy characterized by limited flexibility in responding to the radically changed circumstances presented by such developments as double digit inflation. Unlike his civilian counterpart, the government contracting officer has little or no power to adjust contract prices when equity or practical considerations require and his authority in general is limited by a bewildering array of regulatory and decisional law.”

This excerpt is from a research paper by the Washington and Lee Law Review, capturing the impact of inflation on government contractors in 1975. Yes, written 47 years ago and the point made by Richard Johnson and John Pachter, who now are with Smith, Pachter and McWhorter, rings more true today than ever.

In 1975, the inflation rate was 9.13%. In January 2022, it stood at 7.3%.

And just like in 1975, where a gallon of gas was 44 cents on average and milk cost on average $1.57 per gallon, contractors are feeling the brunt of the rising costs of goods and services, and so too are agencies and their ability to meet their missions.

“[The General Services Administration’s] multiple award schedule contractors are being put in an untenable position: continue performance at losses of 15%-to-25% or more on individual products, seek other, more flexible channels to support the customer, or simply exit the government space altogether in favor of the private sector that responds more readily to the forces of the market,” wrote Roger Waldron, the president of the Coalition for Government Procurement, in a Jan. 28 blog post. “This reality is stark, especially for small business whose margins are slim, resources are scarce and channels to the federal buyer are limited.”

And sources say some contractors are actually leaving the federal market altogether, in part, because they are losing so much money.

Heavy burden on contractors

Larry Allen, the president of Allen Federal Business Partners, said the impact on inflation on small businesses is especially hard given tight margins in federal acquisition already.

The issue isn’t just around GSA’s multiple award schedule contracts. Inflation is impacting everything from the Defense Department’s buying of fuel to the Department of Veterans Affairs’ purchasing of healthcare equipment to the Millennium Challenge Corporation’s acquisition of copy paper and toilet paper.

“Price increases have hit every link in the supply chain, including labor, materials, shipping, and energy. Associated with this rise in the rate of inflation (the highest rate in over a generation) is the increase in interest rates as a means to moderate inflation,” Waldron wrote to in a Feb.9 letter to GSA’s Mark Lee, the assistant commission in the Office of Policy and Compliance. “Altogether, these challenging economic circumstances place a heavy burden on contractors and their supply chains, especially small businesses contractors. The damaging effects of inflation on those providing goods and services in the economy cannot be overstated. The current increase in the rate of inflation devalues the currency businesses hold, reducing their spending power, and adding to the cost of doing business. The federal marketplace is a part of the broader economy, and thus, federal contractors are not immune to the impact of these challenges. Indeed, the same cost increases affecting the performance of businesses, especially small businesses, in the private sector exist for businesses performing under government contracts.”

The other related issue that contractors saw in 1975 and are once again feeling the pinch today is the government’s protracted process for vendors to increase prices.

The good news is that GSA is recognizing the inflation challenge and trying to do something about it.

Stephanie Shutt, the director of the MAS program management office, said the Economic Price Adjustment clause isn’t working because the rules are too restrictive. For example, the regulation only lets vendors increase prices no more than three times a year per item and the total annual increase is capped either 5% or 10% depending on the item or service.

“We are working with the Office of Governmentwide Policy and the Office of Policy and Compliance to see what we can do to provide workarounds for industry so you can increase more often throughout the year and increase more often after you have added something to your contract so your pricing can stay current and your pricing can stay fair and reasonable, and so we can make sure you are in a pocket for success,” Shutt said at the Centre Law and Consulting Annual 2022 Review on March 3. “If you are having issues with your pricing, so we can track it better, we do recommend that you email the GSA ombudsman. Please don’t email the ombudsman until you actually have an issue though. We are working really hard to make sure that we provide a lot more flexibility so the supplier journey is easier across the board. It does take time and money for us to process a rejection as much as it is time, money and frustration on your side. We are working very hard to see what we can do to make sure we are doing it well across the board.”

Allen said it’s a good sign that GSA recognizes the need to address prices changes, but need to move more quickly.

“They’re collecting contractor input right now, which suggests that it will be a couple of months before we have something. That’s too long when there is abundant market evidence that inflation is a problem,” he said. “Why not adopt an interim approach now and work toward something more permanent over time? This really impacts small businesses the most, so if GSA is following the administration’s lead on helping such companies, it would make sense to do something quickly.”

Shutt recommended that when vendors come to their contracting officer to ask for a price adjustment, they need to make sure they have all necessary and proper documentation.

“If you come to the table and the contracting officer asks for documentation on how the pricing is effecting your commercial market and you provide something like a firm fixed price invoice that has no detail in it, that’s not going to give your contracting officer enough to go off of. It’s not going to be properly documented in a way the contracting officer can do any type of negotiation from that,” she said. “Some great documentation could include freight charges of raw materials and how it effects your supply chain. Another thing could be for labor categories, with COVID and people coming back to work, there is a need to pay people more so there may be an increase in what you need to pay your employees. That may funnel down as well. So telling and documenting that whole story is really important with pricing.”

Another idea to whip inflation

Shutt didn’t say when GSA would come up with a new workaround or even an interim process change to address the challenges posed by the Economic Price Adjustment clause.

One solution mentioned in 1975 was to invoke the powers under 50 U.S.C. § 1431-35, which dates back to 1958. Johnson and Pachter write that the law lets the President and agency leaders modify contracts and “remove the prohibition against making amendments to contracts without consideration, and vests in the executive branch a wide-ranging discretion to remedy inequities in its contractual dealings, such as those created by the current surge of inflation.”

Given the fact that agencies are still dealing similar regulatory challenges as was the case 47 years ago, turning to a potential short term solution like this may make the most sense.

As Johnson wrote in 1975, “Moreover, a limited broadening of relief under Public Law 85-804 may be less inflationary in the long run than a wholesale exodus of commercial enterprise from the government contracting field. This latter result, which is a distinct threat today, would inevitably reduce competition for government business and increase the prices the government must pay for years to come.”

Those words continue to ring true today.

As the Defense Department puts the final touches on what will eventually become the Joint Warfighting Cloud Capability (JWCC) ecosystem, the Pentagon quietly is putting the team in place to run the program.

Ryan McArthur joined the Defense Information Systems Agency (DISA) in February as the JWCC program manager. McArthur moved over to DISA from the DoD chief information officer’s office where he was a senior technical advisor supporting the enterprise/tactical cloud strategy.

Sources say DoD eventually will add a deputy program manager as part of the expectation that the program office will be busy whenever JWCC officially is ready to take orders.

In case you have been in hiding for the past few years, JWCC will replace the Joint Enterprise Defense Initiative (JEDI) that was hamstrung by protests and controversy. In November, DoD issued formal solicitations to Microsoft, Amazon Web Services, Oracle and Google to become a part of JWCC. DoD still must negotiate separate indefinite-delivery/indefinite-quantity contracts with each company, a process the department expects to finalize by the third quarter of fiscal 2022.

Before coming to the DoD’s CIO’s office, McArthur served in the Army for 10 years, working on tactical satellite communication systems and other logistics network applications. He also worked for the Marine Corps and the Agriculture Department in assorted IT project management and strategy roles.

It’s not clear what McArthur’s role exactly entails. DISA’s JWCC page doesn’t discuss the role of his position or potential office, but one could assume it will be to help usher services and defense agencies through the cloud acquisition process using the Account Tracking and Automation Tool, which will keep track of each contractor’s service offerings and prices, and use that information to help decide which vendor should get a particular task order.

New DoD CIO leadership

Along with McArthur, there were several other personnel changes within DoD worth noting.

Kelly Fletcher, who served as the senior executive performing the duties of the DoD CIO for four months starting in September 2021, officially became the principal deputy CIO last month.

Fletcher has worked for the DoD CIO for two years, coming over from the Homeland Security Department in 2020 where she was deputy director of program analysis and evaluation.

She replaces John Sherman, who joined in June 2020, and became the permanent CIO in December when the Senate confirmed him.

Fletcher also served as the acting CIO at the Department of the Navy for over a year and worked previously for DoD from 2011 to 2016.

During her time as performing the duties of the CIO, Fletcher oversaw the implementation of a new zero trust program office and focused on how DoD can succeed in a more complex environment featuring cyber, spectrum and data and artificial intelligence.

While Fletcher and McArthur are settling into new roles, Nand Mulchandani, the chief technology officer of DoD’s Joint AI Center, decided to leave after two-plus years.

“It still feels like a dream to me — from visiting the Pentagon for the first time to the intense work we did at the JAIC and across the department to help deploy and scale AI and technology through policy, community building, acquisition and, of course, working closely with American technology companies to build and deploy dozens of key ‘leveraged’ products across multiple verticals,” Mulchandani said in a post announcing his decision to leave on LinkedIn. “It was amazing to learn how to launch a brand new agency at the Pentagon from the brilliant Lt. Gen. Jack Shanahan, spend time as acting director of an agency at the Pentagon as the bridge between two three-star generals, and then hand over the JAIC to the awesome, hard-charging Marine Lt. Gen. Michael Groen.”

Mulchandani said the JAIC has transformed into the chief digital and AI office as DoD “is starting to embrace the power of technology to transform the way it operates and to retain our competitive edge.”

Deputy Defense Secretary Kathleen Hicks, in a memo posted on Feb. 1, named John Sherman, the DoD chief information officer, as the new chief digital and AI officer.

Before joining the JAIC, Mulchandani spent more than 25 years in industry, where he was a serial entrepreneur and senior technology executive. He co-founded and was CEO of ScaleXtreme, which was eventually acquired by Citrix, a leading provider of desktop virtualization and networking infrastructure. Mulchandani served as Citrix’s vice president of market development and strategy. He also worked at Cisco, VMWare and started his career at Sun Microsystems as a compiler architect and holds a patent on dynamic code generation.

“For those of you who have the ability to serve, please jump into the fight. It will be tough and frustrating, but you will feel great about your contribution to the country and the common good. As the child of immigrants, I am deeply aware that our system and society that gave me the opportunities I’ve had in my life does not come for free, and paying back through whatever means is a privilege and honor,” he wrote. “Even this short stint as a public servant was extremely gratifying and, as I am realizing, somewhat addictive. There is a strong chance that I might pop back up in another part of the U.S. government focused on national security and technology, and hope to share that news soon.”

AI leadership at HHS

The federal AI community also lost another leader.

Oki Mek, the chief AI officer at the Department of Health and Human Services, also announced he’s leaving federal service after more than 20 years as a federal employee and contractor.

Mek is unsure what he plans to do next, except take some time off. He said he may end up in the private sector.

He became the HHS chief AI officer in December 2020. He spent the previous decade with HHS working in several executive positions including as the senior advisor to the CIO working on Reimagine HHS and the chief technology officer in the acquisition office.

Mek also spent seven years working at the Energy Department as a contractor on web development and IT strategy.

During his time as chief AI officer at HHS, Mek focused on several areas, including training the workforce to better understand what AI and machine learning can do for the agency, ensuring that HHS builds and acquires AI systems in a way that meets legal requirements and developing an ecosystem to support these projects.

Mek oversaw the development of the HHS AI strategy, which he released in January 2021, promoting accelerated adoption and bringing the entire department up to speed on the language of AI, and scaling best practices

There were two other changes of note in the federal community.

First, Robert Sears, the director of the N-Wave Enterprise Network Program at National Oceanic and Atmospheric Administration in the Commerce Department, is the new chairman of the federal internet protocol version 6 (IPv6) task force. He takes over for Ron Bewtra, who left federal services after 18 years in December.

Bewtra wrote on LinkedIn that, as the previous chairman of the task force, “I have a great appreciation of the effort, teamwork and coordination that is required. Thank you for the huge team effort and I know the federal IPv6 initiative is in great hands moving forward.”

Sears and the task force have a lot of work ahead of them. The Office of Management and Budget in November 2020 issued yet another IPv6 memo, detailing new deadlines, including the need to develop an agencywide IPv6 implementation team, an agencywide policy and to identify at least one pilot of an IPv6-only operational system by the end of 2021.

The memo has a goal of having 80% of all IP-enabled assets operating in IPv6-only environments by the end of fiscal 2025.

The task force will help agencies meet those and other goals by sharing best practices, by working with OMB to address the challenges many agencies are facing and providing guidance where needed.

GSA brings back former executive

Finally, the General Services Administration is bringing back a familiar face.

Jim Ghiloni is coming back to GSA’s FedSIM organization to be the director of the IDIQ Labor and Innovation Sector.

“It feels wonderful to be coming home to GSA and especially back to FEDSIM where my federal career began a long time ago. I loved my time at Wolf Den Associates and appreciate how much I learned in my private sector sojourn. I look forward to being the shapee rather than the shaper,” Ghiloni wrote on a post on LinkedIn.

Ghiloni worked previously at GSA for almost 16 years before leaving in 2017 to be a consultant for Wolf Den Associates.

In his previous positions in GSA, Ghiloni served as the deputy associate commissioner of the common acquisition platform, was the program executive officer of the OASIS multiple award contract and director of business operations of the Federal Acquisition Service and Assisted Acquisition Services.

It’s not just about straight revenue either. DoD reports that the overall competition rate among contractors reached 52% in 2021, more than 1% higher than 2020, but lower or equal to the rate each year since 2012.

The increased competition rate along with the revenue increases comes despite growing concerns about mergers and acquisitions negatively impacting the price for specific products like major weapons systems DoD pays as well as availability of products and services.

“Although studies of this trend have not found a strong correlation between consolidation and increased program pricing, additional risks beyond pricing come with consolidation,” DoD stated. “Growing concentration can reduce the availability of key supplies and equipment, diminish vendors’ incentives for innovation and performance in government contracts, and lead to supply chain vulnerabilities.”

The DoD and NDIA report are part of a growing drum beat across the defense sector warning lawmakers about the growing near peer competition coming from Russia, China and other countries and whether the defense industrial base can keep ahead of them.

As Congress looks to complete its fiscal 2022 spending bill and begins to work on 2023, the reports highlight both real and perceived threats for lawmakers to consider as they parse out the more than $700 billion DoD budget.

“Many of these challenges were there before COVID. The pandemic served to highlight and accelerate these challenges. But it is definitely a wake-up call for the decision and policymakers in our country,” said retired Air Force Gen. Herbert “Hawk” Carlisle, the president of NDIA, during a press briefing on Feb. 2. “The aggressive Russian military buildup on the Ukrainian border and the pacing threat, the rapid military modernization efforts of the People’s Republic of China remind us that our industries work of providing superior products and services to armed services so that they can compete and win and all domains of warfare can never be taken for granted. We owe it to the women and men that serve and defend this nation to give them the equipment, the capability and the training to do the mission we asked them to do and right now in the environment we’re operating in. It’s a challenge and we got a lot of work to do.”

Chinese investment in AI

Tara Murphy Dougherty, the CEO of Govini, added the Vital Signs 2022 report should serve as a “wake-up call” for DoD, Congress and the White House to better understand just how challenging the current federal procurement environment has become over the last decade.

“The challenging environment does not impact just the companies that the Department of Defense is already working with today. The more difficult the dynamics of working with DoD are, the more the department will continue to struggle to bring new entrants into this market. We know as a national security community that the Department of Defense has to bridge the gap between the traditional members of the defense industrial base who today continue to contribute so much into the emerging national security innovation base. DoD has to attract the companies that are working on a bleeding edge technology in the commercial sector of the United States economy,” Murphy Dougherty said. “If we cannot accomplish that, the techno military challenge and competition that we’re facing with China will continue to undoubtedly get more difficult. If you consider comparative investments between the United States and the Chinese Communist Party in these emerging technologies, and the commitment that China has to leveraging those technologies for warfare, it’s clear what DoD needs to do. That begins by improving the environment in which these companies operate in order to serve DoD and the national security efforts of our country.”

It’s the concerns about the gains China and Russia are making is helping to drive this mixed message about the DIB.

Both reports found the number of new entrants coming into the defense sector has steadily dropped. DoD says the reduction is felt most among weapons suppliers, which fell to 5 from 51 in the 1990s.

Wes Hallman, the senior vice president for strategy and policy for NDIA, said the lack of new entrants into the DIB is surprising and concerning, especially during the pandemic.

“Two different studies one from 2008 to 2018, and one that was 2011 through 2018 noted thousands of companies have left the defense industrial base. We’ve noted that the number of new entrants between 2019 and 2020 went from over 12,000 to just over 6,000. We saw another drop from 6,500 down to 6,300 new entrants over the last fiscal year [2020 to 2021],” Hallman said. “When you look at the supply chain issues and the many, many years of a dwindling supply base create more and more fragile networks. Then the pandemic really highlighted the fragility of that. As policymakers look at this, we need to look at what are the incentives and disincentives to come in into this marketplace and really adjust the marketplace so it’s so it’s easier to enter it easier to thrive in it and then produce some resilience.”

More vendors in R&D defense sector

Carlisle added that the drop in new entrants comes despite the defense sector being somewhat protected against the economic challenges brought on by the pandemic.

The one area that has bucked this shrinking trend is research and development where the use of other transaction authority has increased the number of vendors by 9% over the last decade, DoD reported.

Dr. Mark Lewis, the executive director of NDIA’s Emerging Technologies Institute (NDIA ETI), said DoD must reverse the spending decline on basic research as a way to address many of these growing DIB problems.

“We won’t have those the next set of emerging technologies if we’re not investing in the basic research that will, we’ll get there. I think we can certainly highlight some successes of the Defense Innovation Unit, which has been incredibly successful at kind of opening the door for new companies to come into the DoD,” Lewis said. “Very recently, Under Secretary of Defense, Heidi Shyu announced instead of reducing the number of modernization priorities, she’s actually into adding a few modernization priorities, which I think is wholly appropriate. So there’s still, obviously a very keen focus on these emerging technologies, and I think there’s a sense of alacrity, but again, we’re getting some mixed messages along those lines. So it remains to be seen. And I think we’ll certainly see when the 2022 National Defense Strategy is released if it continues to emphasize the importance of these emerging technologies, and especially with a focus on peer competitors, such as Russia and China.”

It’s clear there is no one solution to reinvigorating the defense industrial base. It’s clear the continuing resolutions, the long acquisition cycles and the complexity of the procurement process all play into the challenges. At the same time, DoD and its contractors haven’t done enough to help themselves as spending keeps increasing and companies keep winning more contracts.

One of the key phrases from the 2019 Federal Acquisition Supply Chain Council strategy is the single acknowledgement that “Prior to the enactment of the SECURE Technology Act [in 2018], there was no centralized construct for unifying federal supply chain risk management (SCRM) activities.”

More than three years later, it seems the effort to unify supply chain risk management efforts is struggling.

Case in point, since November at least six agencies issued notices or requests for information/proposals to industry seeking feedback on how to do more to protect their supply chains.

From the General Services Administration to the Army Contracting Command to the Homeland Security Department, there seems to be a broad recognition that whatever agencies are doing today, it isn’t enough.

Each of the notices seek to address different aspects of this challenge, but the common theme is clear: more data, more help and more everything is needed to deal with this ever-growing challenge.

“The need for scrutiny of supply chain risk was highlighted during the 2020 cybersecurity breach where several federal government information technology (IT) systems were compromised by foreign adversaries. Initial reports believe that foreign adversaries exploited vulnerabilities in the supply chain of several widely used information and communications technology (ICT) products,” wrote the Centers for Medicare and Medicare Services in its Jan. 28 RFI. “Although supply chain management practices are well engrained in federal acquisition policy and procedures, certain products and services require enhanced scrutiny due to significant inherent risks associated with their supply chain. Recent legislation and executive actions have also increased the necessity for enhanced scrutiny in the acquisition of ICT and electric system components.”

The most recent effort comes the National Institute of Standards and Technology. It will release an RFI on Tuesday asking for feedback on how to update its Cybersecurity Framework both generally and more specifically around supply chain risk management.

NIST is asking four specific questions about C-SCRM and the National Initiative for Improving Cybersecurity in Supply Chains (NIICS), which it launched last August.

Among the questions NIST is seeking feedback on are around the greatest challenges to C-SCRM, possible approaches, tools, standards and guidelines and how best to integrate these cyber efforts together.

CMS seeks data to combat threats

The other initiatives are focused on solving agency specific problems.

CMS is looking for help internally specifically around identifying and using capabilities would let them mitigate potential malicious threats from code in hardware and software as well as counterfeit products.

“The government is interested in learning more about (1) supply chain risk due diligence information that will be provided; and (2) the tool, product or system solution used to deliver due diligence information,” the RFI stated.

The deadline for the CMS RFI was Feb. 15.

GSA’s recent RFI is more focused across its contracts and connected directly back to the Federal Acquisition Security Council (FASC) efforts.

“GSA is seeking cyber supply chain information to define and incorporate cyber supply chain security control requirements in connection with proposed ICT product and/or service offerings on the GSA marketplace,” GSA stated in an RFI from last January. “The information sought in this RFI will provide guidance on establishing the level of cybersecurity supply chain risk management (C-SCRM) security control measures the GSA should require of vendors regarding the ICT products and services offerings on the GSA marketplace.”

GSA asked 11 questions in the RFI, ranging from best practices to categorize software and hardware products to what evidence should vendors provide to validate how they are meeting C-SCRM standards, guidelines or best practices.

GSA is asking for industry responses by Feb. 28.

Counterfeit products remain a concern

This RFI continues to build on FASC efforts, some of which GSA is leading. For example in October, GSA launched the cyber supply chain risk management acquisition community of practice.

“One of the first big initiatives that the C-SCRM ACoP will take on is GSA and the Cybersecurity and Infrastructure Security Agency (CISA) co-leading an effort to work with agencies to mature the integration of C-SCRM into the acquisition process. The outcome will be increased maturity on strategy, governance, and operations based on lessons learned. We look forward to connecting with everyone from across the Federal Government as we begin this collaborative journey through our campaigns to build stronger C-SCRM acquisition programs,” the October announcement stated.

Similar themes emerged from efforts from the Army Contracting Command and the Social Security Administration.

SSA’s solicitation sought to bring third party expertise to provide electronic supply chain counterfeit reporting and avoidance (ERAI) services on major agency procurements.

“This solution will provide the SSA with focused and predictive insights to help certify, monitor and analyze IT suppliers, which will ultimately mitigate risk to the agency,” the RFP stated.

ACC held a symposium with industry in early December as part of its effort to “learn about supply chain initiatives for the defense industrial base, to increase transparency, resiliency and identify potential risk mitigation strategies.”

While ACC didn’t focus only on cybersecurity, its event highlighted the need to “develop policy, regulatory, legislative and investment recommendations to strengthen U.S. manufacturing capacity and the defense industrial base.”

The Department of Homeland Security didn’t go as far as issuing an RFI, but did tell industry it would hold them more accountable for cyber hygiene efforts.

Eric Hysen, the DHS chief information officer, and Paul Courtney, the DHS chief procurement officer, wrote in Feb. 2 notice to contractors that it will provide a self-assessment to better understand how vendors are meeting key cybersecurity and cyber hygiene practices as a condition for contract award.

“By releasing this questionnaire to our vendors, we expect to establish a statistically viable assessment of overall cyber hygiene risk across DHS that will guide continued work towards an improved cyber posture and will aid in establishing the focus of future program development, including government-led assessments,” the notice stated. “This process is again a critical step in our progress towards maturing our cyber-supply chain risk management (C-SCRM) program and protecting the homeland.”

NDAA’s 8 supply chain provisions

These individual efforts come on top of new requirements by Congress in the Defense authorization act of 2022. The NDAA’s Subtitle E has eight provisions related to the Defense Department’s management of its supply chain.

Again, while many of these mandates are broader than cyber, Congress identified the need for DoD to take advantage of data and analytics tools to reduce risks in its supply chain.

To that end, the NDAA tells DoD to “develop a supply chain risk assessment framework,” which should provide a map of supply chains that supports analysis, monitoring and reporting with respect to high-risk subcontractors and risks to such supply chains.

The NDAA also calls on DoD to name an internal organization and develop milestones for the deployment of the risk assessment framework and support technologies.

“We note the potential for advanced and commercial data analytics systems and technologies to provide new capabilities to assess and analyze defense supply chains. For example, advances in decision science, commercial data analytics systems, and machine learning techniques may be applied to such an effort,” the NDAA stated. “We recommend that the Secretary of Defense consider the development of a database to integrate the current disparate data systems that contain defense supply chain information and to help provide for consistent availability, interoperability, and centralized reporting of data to support efficient mitigation and remediation of identified supply chain vulnerabilities. We note that the secretary should ensure that the systems are scalable so as to support multiple users, include robust cybersecurity capabilities, and are optimized for information-sharing and collaboration.”

It’s hard to argue against any of these efforts whether it’s CMS or SSA specific or cutting across any entire agency’s contracts like those at GSA and DoD.

The question remains whether FASC will bring some semblance of oversight and governance to these programs or will it take a thousand flowers blooming and tens of millions of dollars spent before some forcing function — as if SolarWinds wasn’t enough — to bring some order to C-SCRM.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

If the 15 red blocks that dominated the detailed version of the latest Federal IT Acquisition Reform Act (FITARA) scorecard didn’t tell you the transition to the new telecommunications acquisition vehicle wasn’t going as well as expected, then you will be surprised by the General Services Administration’s recent decision. But you will be one of the few.

Most observers in industry and in government have recognized for some time that agencies were struggling to move to the Enterprise Infrastructure Solutions (EIS) program similarly to the way they struggled to move to Networx and to FTS 2001.

The FITARA scorecard just reminded us that most agencies were not going to meet the March deadline of transitioning at least 90% of all services off of Networx and onto EIS. But it’s more than just the March deadline. The September deadline of moving 100% of all services to EIS also was in real doubt.

So to many, GSA’s recent decision to extend the current telecommunications contracts — specifically the continuity of services (CoS) piece — by another year was inevitable.

As one federal executive said, between the multiple continuing resolutions, changes to how agencies are expected to pay for services under EIS, the impact of the pandemic and the protracted contract award timeline, the cards were stacked against GSA and EIS.

“I think we are staying on schedule as much as we can,” said the executive, who requested anonymity because they didn’t get permission to speak to the press. “We should [be] responsible for our plan and for protecting our mission areas. I don’t blame GSA in any of this. The real challenge is asking agencies to do too much with the amount of funding they have. We have to pay for [a] full year of telephone service on a contract that we don’t have the funding for. It’s like asking you to pay for your electricity bill each month at the beginning of the month versus the following month like you do now under the utility model.”

The source said the change to how agencies must pay for telecommunication services turned out to be a bigger obstacle than anyone initially imagined. The source said basically GSA went from a utility model where agencies paid for services after they used them, like your home’s electric or gas bill, to having to pay for services upfront. This requires estimating the amount of services you may use and then having the money to pay for them.

“If I have a new service order for 12 months or if I’m renewing my existing service order for 12 months, I don’t have money for both. I only have a portion of that funding so I can’t fund the new contract beyond the date of the CR,” the executive said. “That puts us all sideways. Now some agencies may ignore it and some don’t. But the fact is not having money to move to the new contract is causing additional delays.”

The delays agencies are facing and the challenges associated with the acquisition timeline and CRs forced GSA to finally relent to the need for an extension, something many in industry thought was inescapable. GSA sent a memo to agencies last week letting transition leaders and others know about their decision to give them more time to transition from the Networx contract. GSA said the risk to agencies who could lose services when the current set of contracts expire in 2023, including Networx, and Washington Interagency Telecommunications System (WITS) 3 and Local Service, was too much to bear and the continuity of service contracts will be extended to May 2024.

“In order to take advantage of the CoS period, agencies must sign a Memorandum of Understanding (MOU) with GSA,” wrote Allen Hill, deputy assistant commissioner in GSA’s Office of IT Category, in a memo to agency leaders, which Federal News Network obtained. “Invoking the CoS clause is different from extending the contracts. Networx, WITS3 and the Local Service contracts will still expire on May 31, 2023. No services can be added or modified during the CoS period, and any services that remain at the end of the period will be disconnected.”

At the next interagency meeting on March 3, GSA said it will provide additional information about the implementation of the CoS clause.

A GSA official told Federal News Network that the extension of the continuity of services clause for Networx, WITS 3 and the local service contracts will “allow agencies and vendors time to sunset services on the expired contracts.”

“As painful as possible”

GSA first made the announcement at a recent meeting of the Federal Chief Information Officer’s Council, Federal News Network learned.

One government source said no one was shocked by the announcement at the meeting.

“If you want that extension your secretary will need to ask permission from the Office of Management and Budget. They want to make it as painful as possible,” the source said. “Contracting has been the biggest challenge. It took a long time to award contracts and that is how we got behind the eight-ball on the transition.”

A perfect example of this is FEMA awarded AT&T four EIS contracts, worth a total of $167 million over five years to modernize their voice and data systems, their wireless local area network capabilities, the contact center capability modernization program (C3MP), and The National Warning System. This means FEMA is just getting its transition started six weeks before the 90% deadline and seven months before the deadline to transition 100% to EIS.

As of Dec. 31, GSA said the Homeland Security and Defense departments are both expected to issue two more solicitations under EIS. Every other agency has issued all their task orders and either made awards or are preparing to make awards. GSA reported 62 out of more than 200 agencies and tribal governments have transitioned off of Networx.

“The fact they are extending it, alleviates some agency’s problems,” said the first federal official. “But transitioning off a legacy contract remains complex when you are switching vendors under EIS. You have to pay for the same services twice during the transition period.”

The transition to the Networx contract in 2013 lasted 33 months longer than expected and cost the government $329 million more than planned for. Ever since that transition ended in April 2013, GSA has been trying to take every precaution possible to avoid a repeat performance.

“This decision by GSA is not surprising. There are all sorts of forces at work to delay EIS,” said Tony Bardo, assistant vice president of government solutions at Hughes Network Systems. “EIS was set back when Windstream protested in 2017 and that started the delay forcing everyone to get off to a late start. The impact of pandemic too is unmistakable. And another big reason goes back to the fact EIS took over everything, regional contracts, WITS and Networx, and all of these things had to go into your fair opportunity solicitation. I’m not sure folks understood when they started they would have all of these services competing over this short period of time.”

GSA put in a tough position

Other vendors also supported the extension of the CoS because more time gives agencies the ability to be more choosy in who they make awards to. The extra year also means agencies will not have to worry about their current services.

“The extension could be a good thing. Many of the fair opportunity solicitations didn’t have what they needed to have, which was the move to new modern services. Early solicitations came out like-for-like, where they were buying 20 years old services like MPLS,” Bardo said. “It might be a good time for agencies to put out amendments and allow for changes and modernization. That may be a silver lining that specifications get changed and we regroup to take advantage of the extra year to let things sort out.”

GSA will receive a lot of blame for this decision to extend the continuity of services contract from the Hill and from the Government Accountability Office. The better shoulders to lay the responsibility fault on is Congress itself and OMB, to a certain extent. GSA was put in the unenviable position of needing to hold agencies accountable with no authority to do so. Congress, meanwhile, is expected to pass the third continuing resolution forcing agencies, at best, to receive their 2022 appropriations almost six months into the fiscal year. And as for OMB, the lack of public attention to the EIS transition by the federal CIO or the Office of Federal Procurement Policy continues to be a missed opportunity. OMB has never issued a memo on the EIS transition and hasn’t mentioned in a memo but for a few sentences in the 2020 guidance on the transition to IPv6. Except for the passback language in April 2021, OMB has paid little public attention to the effort.

This is part of the reason why GSA is starting to look at the next contract after EIS, leading some experts to ask whether the days of massive multiple-award contracts are over.

Based on the last two transition efforts, it may be time to rethink this approach and have OMB hold agencies accountable for modernizing networks through the GSA schedules program. It’s clear this approach, no matter how much planning and help GSA provided, isn’t working.

The Defense Department and the contractors who serve it love to talk about the tactical edge. Everyone from generals down to the newest business development employees for any vendor will tell you how important it is for soldiers, sailors and airmen to receive the information they need in real time without worrying about the underlying infrastructure.

This is especially true for commands outside the United States. The Pentagon recognized this as it laid out this vision last June with its cloud strategy for commands outside the continental United States (OCONUS).

“Delivering cloud innovation to the tactical edge requires modernization within all layers of the infrastructure. This modernization must meet the needs of a range of user-profiles in theater, from the warfighter operating outside the wire to the mission planner or IT administrator operating within an established base perimeter or U.S.-led humanitarian efforts,” the authors wrote.

Eight months after the release of that strategy, the Army will be among the first services to test out the concepts of an OCONUS cloud.

Raj Iyer, the Army’s chief information officer, said in January that the service is working with Indo-Pacific Command to establish edge computing in the cloud.

“This is an area where we are pioneering this kind of effort across the DoD,” Iyer said at the Army IT day sponsored by AFCEA DC in January. “What this will do is allow us to start to integrate cloud into all aspects of experimentation in the Pacific. We’re going to be focused at the core and the multi-domain task force (MDTF) level. As you know, the multi domain task force that we’ve established at Joint Base Lewis-McChord, we used them for the experimentation in the Defender Pacific last year. And as we start to do more exercises this year, we’re going to start to integrate more of the cloud capability and the capacity, along with some of the other technologies such as low Earth orbiting satellites (LEO), and medium Earth orbiting satellites (MEO) into this architecture to look at how we can achieve the resiliency that we need through cloud to be able to exchange large volumes of data from the strategic corners, back to the tactical edge.”

Iyer said the Army tests of OCONUS cloud will begin in Hawaii and Guam.

The Army created the multi-domain task force in response to the near peer adversaries, including placing two of them in the Indo-Pacific region, namely to address potential threats posed by Russia and China. The service expects to stand up the MDTF in the Indo-Pacific region later this year.

Brig. Gen. Jim Isenhower, of the MDTF at Joint Base Lewis-McChord, said in February 2021 these task orders will be “new, networked, maneuver theater assets, focused on adversary anti-access/area denial, (A2/AD) networks.”

Supporting the multi-domain task force

Lt. Gen. John Morrison, the Army’s deputy chief of staff G6, put a finer point on that new networked approach in December when he offered an update about expanding the Army’s data and cloud efforts.

“We have recently published an execution order that aligns our resources and our energies to … the capabilities that we will start providing to our theaters. It will be anchored to the multi domain task forces,” he told reporters late last year. “We can increase the numbers of reps and sets and quite frankly, increase our learning opportunities as we really work through how do we enable data at the edge so that we can significantly increase our ability to see, sense, understand, decide and act, and achieve decision dominance that we’re going to need to for a multi-domain capable force.”

Morrison said the Army’s digital transformation strategy and its updated data plan are aligned to provide specific exercises and operations for the necessary integration to improve mission requirements.

“As we put out our initial cloud and hybrid cloud and data capabilities to support the multi domain task force, that’s going to put pressure on what we need to do from a unified network perspective so we can provide that secure highway with the right guardrails, so that synchronization is going to be absolutely critical,” he said. “I think the Army is putting the appropriate governance in place to make sure that we keep those all nested, integrated and aligned so that we are moving forward in a common direction. I think that’s the power of what the Army digital transformation strategy does for us.”

Morrison added that the Army knows it will remain in this hybrid cloud setup for the medium-to-long term because any adversary will try to downgrade communications at the start of a conflict. He said cutting off access to the cloud means missions likely would become ineffective requiring DoD to keep enough on-premise capabilities in place.

“We’ve got to find that right balance that allows us to really take the power of the cloud and the capabilities that will be resonant there and apply them at the point of need,” he said. “It’s not just the ability to bring it to the point of need. It’s the point of needs to be able to reach back to capabilities that it needs and bring it forward at speed against a thinking adversary so that we not only gain, but we maintain decisive decision dominance and we’re able to see, understand, decide and act way faster than our adversaries.”

More data, networks going to the cloud

The OCONUS cloud pilot is part of a broader effort going in the Indo-Pacific Command. Brig. Gen. Jacqueline “Denise” Brown, the command’s J-6, director of command, control, communications and cyber, told AFCEA’s SIGNAL magazine in November that DoD wants to create a secure mission environment that includes classified and unclassified data and networks. To that end, Brown told SIGNAL that it plans to take advantage of the Thunderdome zero trust effort from the Defense Information Systems Agency.

DISA awarded a $6.8 million other transaction authority deal to Booz Allen Hamilton at the end of January to develop prototype.

Iyer said the OCONUS effort is part of a larger initiative to move more of the Army’s networks and data to cloud services.

The Army launched the cArmy platform in early 2021 to make using commercial cloud services easier and more secure from Amazon, Microsoft and soon Google.

“We have an aggressive path forward this year to start to look at shutting down our data centers. But we know we’re going to need certain capacity on-premise to be able to handle certain workloads. But we do want to be able to integrate this into a hybrid cloud architecture,” Iyer said. “That’s the journey we’re on in terms of integrating that in between the commercial cloud and the on-premise infrastructure that we have. But more importantly, what we did last year and what we’re going to do even more this year is to operationalize the capacity that we have.”

Iyer said more than 40 mission critical applications, including three enterprise resource management systems, are already in the cloud provided by cArmy.

He said the Army will continue to migrate more data and applications to the cloud as it gets out of the data center business.

“We’re putting a lot of effort into operationalizing that. It’s also making sure that we are able to do cost optimization in the cloud. If you don’t do this right, you could very well be in a situation where cloud is costing us more than what it used to be in an on-premise environment,” Iyer said. “We’ve got to make sure that we’re looking at cost optimization, like how many virtual machines do we need? What can we turn off? Where do we need reserve instances? And where do we need the flexibility to be able to do this depending upon the mission scenarios?”

Iyer added the Army is not only going to move applications to the cloud, but also shut down data centers. The Army has been trying to extradite itself from the on-premise world since 2010. So whether Iyer has finally found the secret sauce with cArmy is yet to be seen.

Desktop-as-a-service coming

The move to the cloud will also help the Army’s collection and use of data as a strategic asset.

“We’ve got to make sure that we’re able to harvest the data in those applications and then those systems. As we modernize our architecture approaches, it’s all about application programming interfaces (APIs) and micro services,” he said. “We’re assisting system owners across the Army in terms of helping them architect what their systems need to look like. We have established a good API management platform in cArmy that is available to the enterprise. We’re going to start directing and mandating the use of these tools in our platform.”

Another key piece to the cloud effort is a desktop-as-a-service offering so users can access the network through the cloud and not have to go through a virtual private network (VPN).

Iyer said the goal is for Army users to use any network anywhere they are and through any device.

“We were not ready to take on certain cybersecurity risks. So for example, we did not enable you to download files from there to your personal desktop, even though we did allow you to access Army O365 from your personal devices. We didn’t allow you to download documents, and that put a huge pain on our users because there was no way for them to sign a lot of PDF forms, whether it was COVID-related, showing exposures or infections or vaccinations and exemptions and so on,” he said. “So I have just authorized the Army to do that. NETCOM is in the process of implementing that. [By late January] you will see that functionality rolled out in Army O365 to all users.”

Maria Roat’s decision to retire at the end of March shouldn’t be seen as yet another member of the Office of Management and Budget’s Office of the Federal Chief Information Officer heading out the door. And there have been quite a few over the past year.

Rather, Roat, the deputy federal CIO since May 2020, and many others who have left over the past year are part of a normal churn that comes from working in one of the hardest, but most rewarding jobs in government.

Turnover in not just the Federal CIO’s Office but across OMB tends to happen in spurts. It’s well known that working crazy hours, pushing the IT modernization or cybersecurity boulder up the hill, getting closer to the long-term objective, and constantly putting out fires takes its toll on staff members and political appointees alike after a few years.

But as many former OMB employees have told me over the years, it’s the hardest job they will ever love.

“Working in the Office of the Federal CIO is an incredible way to have an outsized impact on federal agency missions. Analysts in OMB often sit at the nexus of issue areas and response efforts, partnering across organizations and delivery teams to optimize the roadmap for achieving an administration’s policy objectives,” said one former OMB official, who requested anonymity. “With this impact also comes the reality that the jobs at OMB are tough, both in the complexity of work but also in the impact to personal well-being. Most working in technology are used to the ebb and flow of a 24/7 schedule but what may not be familiar is operating under constant pressure that comes with balancing operational, fiscal and political risks. Analysts often choose to leave after a couple of years, many of whom experience a great deal of burn out.”

At the same time, the turnover can be a good thing as new and diverse detailees or permanent employees bring in not just new ideas, but a view from the agency trenches.

Hiring underway at OMB

To a large extent that is what is happening now.

Federal CIO Clare Martorana, who came into the job last March, is restocking her team with experienced agency executives and is looking for new talent to fill out key roles.

The hiring of Drew Myklegard as the new associate deputy federal CIO, a new position in the office, from the Department of Veterans Affairs, and Eileen Vidrine, the chief data officer at the Air Force for the last three years, as the strategic advisor for data to Federal CIO, are two of the most recent examples of the key changes coming to the office.

“As we kick off a new year, we’re excited about our ambitious agenda in the Office of the Federal CIO. Secure technology is at the heart of the President’s Management Agenda, the executive orders on cybersecurity and customer experience and digital transformation and data initiatives across the federal government,” said Martorana in a statement to Federal News Network. “Our extraordinary team will be front and center in executing on this work, and we’re growing with new hires, as well as exceptional leaders on detail who have delivered innovative technology solutions at the agency level. We’re excited about providing exceptional support to our agency partners, scaling innovation across government, and delivering a secure customer experience for the American public.”

Myklegard comes to OMB from VA where he worked for the past eight years, including as the executive director of product engineering. He is on a detail to OMB from VA. Vidrine comes to OMB after becoming the Air Force’s CDO in June 2018. She worked for the White House as part of its Leadership Development Program.

“Eileen Vidrine and Drew Myklegard bring a breadth and depth of knowledge and extraordinary talent to our team. They’re proven leaders in deploying modern technology that’s secure by design and delivers more seamless processes for the federal workforce so they can better serve the American people. And they will help OFCIO as we pursue an ambitious agenda that includes working on the President’s Management Agenda, the Executive Orders on Cybersecurity and Customer Experience, and driving IT modernization and data initiatives across the federal government,” said Martorana in a statement. “We’re excited by their arrival and looking forward to continuing our momentum together.”

Other key positions opening up

Along with Vidrine and Myklegard, OMB is adding as many as others in the coming months, including finding a replacement from Steve McAndrews, the director of federal cybersecurity. McAndrews is leaving to become the deputy CIO at the National Nuclear Security Administration, under another former OFCIO executive James Wolff. Wolff left OMB in July to become NNSA’s CIO.

McAndrews, Wolff and Doc McConnell, the former senior advisor for cybersecurity at OMB and who left to work at the Cybersecurity Infrastructure Security Agency in October, are among the seven or so people who have left OMB over the past year. Jordan Burris, the OFCIO chief of staff, also left the office last fall to join the public sector.

The Office of Federal CIO had more than 40 staff members in late 2020 and saw that number drop to under 35 by summer of 2021. It’s particularly difficult to keep folks in the cybersecurity office as these experts are in high demand across industry and other agencies.

It’s well known OMB is constantly understaffed. To replace these folks and fill other open positions, OFCIO put out job announcements late in 2021 and recently closed another one to help fill gaps in areas like cloud, data center, artificial intelligence, identity and access management, data, internet of things, workforce and, of course, cybersecurity.

An OMB official told Federal News Network that by continually recruiting and rotating staff into government, OFCIO can bring fresh perspectives, skillsets and experiences to its work.

“When we cast a wide net, we also ensure we better represent the American people and avoid introducing bias into the products and services we deliver,” the official said. “Since IT underpins these initiatives, the next round of technologists joining us will be directly involved in designing, leading, and delivering technology transformation across government.”

Government sources also confirmed OMB hired Kristine Lam, who is on detail from the General Services Administration and doing legislative affairs work, Andy Lewandowski, who is focused on improving customer experience and came over from the U.S. Digital Service in July, and Cassie Winters will join OFCIO by the end of January from the House Oversight and Reform Committee staff where she focused on technology policy.

The former OMB official applauded Martorana’s effort to not only bring in new people, but a more diverse set of executives.

“While a mix of new talent coming onboard is a great thing for both diversity of thought and rejuvenation of existing team members, it’s important to keep an eye on the mix of detailed team members vs. permanent hires,” the official said. “Analysts at OMB often serve as institutional memory between administrations and changes in leadership. If the mix of permanent staff declines too significantly, it could create risk for the sustainability of the organization.”

A good reminder not only for OMB, but every CXO office across the government.