N ew, more secure government credit cards and multi-factor authentication for federal websites dealing with sensitive citizen data are two ways the White House wants the government to lead a nationwide effort to reduce identity theft and fraud.

President Barack Obama signed an Executive Order on Oct. 17 outlining a series of steps with short and longer term deadlines to transition to more secure online transactions under a new Buy Secure initiative.

“First, starting next year, we’re going to begin making sure that credit cards and credit-card readers issued by the United States government come equipped with two new layers of protection: a microchip in the card that’s harder for thieves to clone than a magnetic strip, and a pin number you enter into the reader just as you do with an ATM,” Obama said during a speech at the Consumer Financial Protection Bureau in Washington. “We know this technology works. When Britain switched to a chip-and-pin system, they cut fraud in stores by 70 percent. Of course, no one security measure, no matter how powerful, can stop fraud on its own. So today, I’m also directing federal law enforcement to share more information with the private sector when they discover identity theft rings.”

Federal cybersecurity experts acknowledged the White House’s order with a combination of satisfaction and frustration.

Alan Paller, director of research for the SANS Institute, said the federal leadership and implementation of pin and chip security is long overdue.

John Pescatore, director of emerging security trends for SANS, offered more details about why the frustration.

“It was over 16 years ago in Presidential Directive Decision-63 where the White House said, ‘The federal government shall serve as a model to the private sector on how infrastructure assurance is best achieved and shall, to the extent feasible, distribute the results of its endeavors.’ Pushing government point of sale to chip and PIN is a good thing, but of course doesn’t do anything for online payments — only point of sale,” he said. “The bit about stronger authentication (building public-private awareness about more secure authentication) is equally important — moving away from reusable passwords would reduce identity theft way more than chip and PIN will. The government hasn’t been consistent on this, since they’ve been pushing an obsolete Smart Card based solution (HSPD-12) and have rejected less secure, but much more usable/feasible, solutions like text messages as a second factor — such as Google, Paypal, Microsoft and many others are using.”

As an aside, industry and government sources say momentum is building to relook at the technology and policy guiding Homeland Security Presidential Directive-12 (HSPD-12) smart identification cards. Remember the policy is a decade old, and even though the National Institute of Standards and Technology constantly is updating Federal Information Processing Standard 201, some experts say new approaches and technology require new thinking.

In the meantime, Obama’s mandate begins to change the government and, therefore, push the market to transform.

The bulk of the work for the governmentwide change will fall on the shoulders of the General Services Administration and the Treasury Department.

By Jan. 1, Treasury must develop a plan to for agencies to install enabling software on payment processing hardware that supports these enhanced security features. The department also by the same date must ensure that any new payment processing hardware comes equipped with these security features.

The President also gave GSA and other agencies that accept credit and other payment cards a Jan. 1 deadline to begin replacing old cards with those that have the chip and PIN capabilities.

OMB, the National Security Council staff and the Office of Science and Technology Policy must give Obama a plan by Jan. 15 for how the government will ensure all personal data accessible to citizens through online services require the use of multi-factor authentication.

Agencies then will have roughly 15 months to implement that plan.

The Retail Industry Leaders Association applauded the White House order.

“Today’s announcement should serve as a catalyst for widespread adoption of chip and PIN card security,” said RILA president Sandy Kennedy in a release. “The antiquated card security system in place today in the U.S. makes it far too easy for criminals to commit card fraud. Retailers are dedicated to protecting consumers and believe that Chip and PIN technology will better shield U.S. consumers from fraud, just as it has done for consumers elsewhere around the world.”

Obama also called on Congress to take action to protect consumers.

“Today, data breaches are handled by dozens of separate state laws, and it’s time to have one clear national standard that brings certainty to businesses and keeps consumers safe,” he said.

House lawmakers called on the Senate to do something with cyber legislation.

“Since 2011, the House of Representatives has sent two cyber bills to the Senate, but the Senate has thus far failed to take action,” said Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D- Md.), chairman and ranking member of the Intelligence Committee, respectively, in a statement. “We urge the Senate to move quickly on this issue to ensure the safety and security of all Americans.”

A s the World Turns ran on television for more than 50 years before ending in 2010. What does this soap opera have to do with federal IT or acquisition? Well not much, but it is a good analogy to the never-ending turnover among federal executives.

The churn among federal CIOs and others in the IT community has been uncommonly high over the last year (Hint: be on the lookout for my special report on CIO turnover over the last 12 months later this fall.)

The latest change comes in from the top civilian in the Army. Gary Wang has been named to replace Mike Krieger as the Army’s deputy chief information officer/G6.

Krieger is retiring after more than six years as the Army’s top civilian IT guy and 35 years in military government service. He has been acting CIO several times, and among his biggest accomplishments is leading the service’s move to enterprise email in the cloud.

Wang will start Nov. 1, and comes to the Army’s CIO office after serving the last two-plus years as the director of the Intelligence, Surveillance, and Reconnaissance Infrastructure Division in the Office of the Deputy Under Secretary of Defense for Intelligence Strategy, Programs and Resources in the Office of the Under Secretary of Defense for Intelligence.

Wang spent most of his career in the Army’s archrival, the Navy, where he spent seven years at the Space and Naval Warfare Systems Command (SPAWAR) as director of Corporate Operations and Command Information Officer (CIO). He also served as SPAWAR’s science and technology national competency lead and the chief technology officer (CTO) and director of the Science, Technology and Engineering Department at SPAWAR Systems Center Pacific.

Wang comes into an Army that’s in the middle of a technology transition. Lt. Gen. Robert Ferrell, the Army’s CIO, is leading efforts to move more applications to the cloud, to rationalize how many software titles the service uses, implement new joint security stacks and a host of other initiatives.

Krieger oversaw a host of issues for the Army including the network and the enterprise network infrastructure, $10 billion in IT investments, enterprise IT architecture, IT policy compliance and many other technology priorities.

It’s too early to tell whether Ferrell will use this opportunity to reorganize or shuffle responsibilities for the deputy CIO/G6.

Another significant DoD person on the move is Andrew Hunter, the executive secretary of the Warfighter Senior Integration Group and director for the Joint Rapid Acquisition Cell. Check out Federal News Radio anchor Tom Temin‘s interview with Hunter on Oct. 16 as part of our special report on the Missing Pieces of Procurement Reform — it’s well worth listening.

Hunter is joining the Center for International and Strategic Affairs as senior fellow and the lead for the think tank’s defense industrial research group.

“Andrew’s expertise and talent on defense industry and acquisition policy issues are well known inside government circles,” said John Hamre, president, CEO, and the Pritzker chairman at CSIS. “I am confident that, through his analytic leadership on these issues at CSIS, he will have an even greater impact on the policy and resource choices facing the acquisition community.”

Hunter joined DoD in 2011 after spending the previous six years as a professional staff member for the House Armed Services Committee, where he focused on acquisition policy, defense industrial base, technology transfer and export controls. In all, he spent 17 years working on Capitol Hill on DoD issues.

It’s a big loss for DoD. Hunter was a well-respected expert on DoD acquisition issues, obviously well-known on the Hill, which would have been an important strength as lawmakers continue down the path of acquisition reform.

One other personnel move of note, Jose Arrieta, the Homeland Security Department’s procurement ombudsman, is heading to the Treasury Department to be its small business director.

Arrieta said he starts his new job on Oct. 20 and will try to promote Treasury’s small business contracting efforts.

In the latest scorecard from the Small Business Administration, Treasury awarded almost $827 million to small firms last year — 39 percent of all prime contracts, beating its goal of 32 percent.

Arrieta’s hiring means Treasury is removing one of the hats Nani Coloretti wears as the assistant secretary for management. Arrieta now will be the director of the Office of Small Disadvantage Business Utilization (OSDBU) instead of Coloretti.

And one more personnel move of note, Robert Griffin got to remove the “acting” from his title and is now the permanent deputy undersecretary of the DHS Science and Technology Directorate.

Reggie Brothers, the director’s undersecretary, announced his decision to appoint Griffin as his permanent deputy Oct. 5.

“Bob Griffin brings a unique mix of more than two decades of experience in emergency response and emergency management leadership, and academic grounding” said Brothers, in a press release. “It is that experience and insight that I rely on, and why I chose him as my deputy.”

Griffin brings more than 20 years of experience in local government and first responder communities and has been serving as acting deputy undersecretary since May. Before becoming acting deputy undersecretary, Griffin led S&T’s First Responders Group, which focuses on strengthening the first response community’s ability to protect the homeland and respond to disasters.

It’s an easy one this week — the Defense Intelligence Agency is looking for a new Chief Information Officer. With Grant Schneider going to OMB, the DIA wants a new CIO for the first time in seven years. The job is more about leadership and having a strategic vision than bringing great technical skills to the table. DIA wants someone a variety of different leadership skills, ranging from creativity and innovation to conflict management to the ability to build coalitions.

Applications are due Oct. 9.

READ PAST EDITIONS OF INSIDE THE REPORTER’S NOTEBOOK:

Inside the Reporter’s Notebook: VanRoekel legacy highlighted by digital services; more openings at OMB

Inside the Reporter’s Notebook: Labor, GSA forced to buy systems from bankrupt vendor; dashboard fever strikes DHS

Inside the Reporter’s Notebook: Losing faith in GSA schedule prices; EAGLE II lands

O ver the last two weeks, the Office of Management and Budget gave agencies new guidance around managing email and improving the administrative management of federal financial assistance.

Neither memo is earth shattering, but they do give agencies specific goals and deadlines.

The email memo from Sept. 15 sets two new deadlines for how agencies manage electronic communications.

Beth Cobert, OMB deputy director for management, and David Ferriero, archivist of the United States, gave agencies guidance for how to meet two upcoming deadlines set in a 2012 directive that gave agencies until Dec. 31, 2016, to begin managing both permanent and temporary email records in an electronically accessible format, and Dec. 31, 2019, to manage all permanent electronic records in an electronic format.

“NARA will begin to track agency implementation of the 2016 email records management requirement and regularly provide reports to OMB on agency progress,” OMB and NARA wrote in the memo. “Agencies are also encouraged to establish annual records management training requirements and explore options for online, user-friendly training. Additionally, within the next six weeks, NARA and OMB will convene a group of Senior Agency Officials for Records Management, CIOs, General Counsels, and Records Officers to develop best practices documents for identifying and retaining Federal records that would be used as part of this training.”

The financial assistance memo, released Sept. 30, is supposed to help agencies implement Uniform Guidance starting Dec. 26.

OMB and the Council on Financial Assistance Reform (COFAR) established metrics to gauge governmentwide implementation.

The five administrative metrics include:

• Inventory of OMB-approved information collections for grants and cooperative agreements;
• Number of OMB-approved exceptions focused on program performance over compliance;
• Number of fixed amount awards issued;
• Number/impact of agency exceptions to the provision of federally negotiated rates;
• Number of indirect cost rate extensions approved by cognizant agencies.

OMB and the COFAR also detailed metrics for doing single audits and measuring the overall impact of the burden and waste, fraud and abuse.

The single audit metrics include:

• Number of modified opinions for higher risk major programs;
• Number of audit findings of material weaknesses in internal controls for higher risk major programs;
• Number of repeat findings for higher risk major programs, starting in fiscal 2015;
• Number of major programs selected for audit;
• Number of audit objectives in the compliance supplement.

A short trip into the DoD Reporter’s notebook this week as there was a change of leadership ceremony at the National Geospatial-Intelligence Agency that’s worth mentioning.

Letitia Long retired from government after 36 years, including the last four as the director of NGA. My colleague Jared Serbu has a must-listen to interview with Long before she left on his On DoD program.

Robert Cardillo takes over for Long, coming back to NGA after spending the last four years as the first deputy director for intelligence integration in the Office of the Director of National Intelligence. Part of Cardillo’s job was to brief President Barack Obama every day on intelligence risks and actions.

Now, Cardillo will oversee an agency whose mission and value have grown considerably over the last five years.

“It’s been no accident, no coincidence that GEOINT has matured as a collection discipline at the same time NGA has matured as an institution,” said James Clapper, the director of national intelligence at the Oct. 3 change of directorship ceremony in Springfield, Virginia. “Under Tish’s magnificent leadership, over the past four years this tremendous NGA workforce has realized Tish’s vision, to put GEOINT into the hands of mission partners. You are actually doing things that we only dreamed and talked about when I was director. I believe Tish’s best accomplishment, her greatest legacy, is this superb workforce that she’s entrusting to Robert today. This workforce under Tish’s leadership has truly made GEOINT a professional discipline.”

Cardillo outlined some of his priorities and focus areas in a press conference after the ceremony.

“My predecessors … have built a foundation now of intimate customer support, dedicated civil service and an aggressive, interactive and dynamic intelligence information service,” he said. “What do I want to do with all that? I want to take it to the next level. What is the next level? We need to build on top of those capabilities and create an even more enhanced conversation with our customers in order to lead them into the future.”

Cardillo said given the broad commercialization of geospatial data and given the opportunities out there, NGA can lead them into a better place — a decision, a military action or the movement of a piece of equipment.

As for Long, she didn’t say what her plans are except to take a vacation on a beach somewhere. Long told Jared Serbu she plans to stay in the community with a focus on ensuring women are involved in the science, technology, engineering and math disciplines.

Long, who followed in her father’s footsteps as a career intelligence official, will be remembered as much for being the first woman to head a major intelligence agency — breaking the so-called glass ceiling — as for her focus on workforce development and intelligence integration of GEOINT across the community.

“We have pursued our vision relentlessly. Together, we have transformed NGA from a static product producer into a provider of dynamic content, analysis and knowledge,” Long said. “Together we have proved the transcendent value of GEOINT and met our customers’ needs with exceptional tradecraft. Together we have set NGA on an irrevocable course as a driver of intelligence integration, creating new value for our mission partners and enabling their mission success.”

T reasury and the Office of Management and Budget are trying to set some baseline expectations for financial management shared services as the initiative ramps up.

Treasury released two draft governance documents recently to gather comments from agencies and industry. Federal News Radio obtained both drafts.

The first document addresses the rules for the financial management shared services marketplace in an effort to guide the implementation of OMB and Treasury’s long-term vision.

The second document focuses on the federal shared service provider and customer agency relationship during the operations and maintenance (O&M) phase of the systems development life cycle.

These two guidances are important pieces to making this second bite at the share services apple a successful one.

Beth Angerman, the director of Treasury’s Office of Financial Innovation and Transformation (OFIT), said at a recent shared services forum sponsored by ACT-IAC, that leadership at the provider and customer agency levels is among the most important success factors to shared services.

“There are certain things that really need to be in place before customers and providers start discovery. And there are other things that need to be in place before they begin implementation, like project management support and independent verification and validation services,” Angerman said. “These are not something we can wait for. What I found is, we know the dates before we ever do the plans. We know when these systems are going to fail on us and it’s a little bit backwards. We really need to make sure before we start these implementations we have some of things in place like governance. Not my governance or governance of the marketplace, but governance within the customers and providers to be able to make decisions quickly so they don’t hamper our ability to make these dates.”

Angerman said she expects OFIT to release the guidance in the coming months.

The shared service provider and agency customer draft guidance are most telling. Treasury and OMB detail 10 areas where the provider needs to inform their customers of changes or decisions, but not ask for approval. These include minor things such as organization structure and personnel, as well as major changes such as chargeback and security patches.

They also detailed nine areas where they should engage the customer in discussions — meaning seek their input and potential approval. These include everything from changes to customer pricing to software versioning to end-user processes.

The draft guidances don’t mention industry’s role or detail where they fit in this effort.

Angerman has repeatedly said industry’s role is clear, as support functions around IV&V or project management, and as integrators or software support.

“One of the asks that I always have with industry if you guys are thinking that there is some other way you can help — we get a lot of criticism that we might be squeezing industry out — if there are tools out there or thought leadership that we might be able to use to better craft our vision. Or if there are tools out there that might be of help to actual implementations, we are always open to feedback in that space,” she said.

The Office of Management and Budget’s Office of E-Government and IT is getting a much-appreciated shot in the arm of people and brain power after the recent exodus of several long-time executives and policy folks.

Grant Schneider, the Defense Intelligence Agency’s chief information officer, will be joining the office on a two-year detail to work on cybersecurity issues.

Schneider told me last week about his new job. And when pressed whether he would be the next federal CIO and this was only a holding position, Schneider said he had no knowledge or plans of another move.

“I’m going to be senior cyber advisor in the E-Gov organization,” he said. “What we’ve discussed so far is I’ll focus on a little bit of the oversight of the continuous diagnostics and mitigation (CDM) program and also, I’m guessing, I’ll spend more of my time focused on identity management across the broader federal government space. It’s about getting stakeholders together, charting a new course on doing identity management and starting to make more progress.”

Programming note: You can listen to my full interview with Schneider next Thursday at 9 a.m. on my Ask the CIO radio show.

Schneider announced earlier this year he would be leaving DIA after 22 years, including the last seven as its CIO.

Janice Glover-Jones, the deputy CIO for DIA, will be the acting CIO until a new one is named.

Schneider’s move to OMB is an interesting one for several reasons. First off, the White House often times likes to bring someone over as a senior advisor before pushing them in to one of the plum roles. Anne Rung, for example, was a senior advisor to Beth Cobert, the deputy director for management at OMB, before being nominated to be administrator of the Office of Federal Procurement Policy.

But even if Schneider is not on the short list to be the next federal CIO, the fact that OMB is bringing in a cyber expert demonstrates a shift in thinking. Throughout the first five years of the Obama administration, OMB handed much of the cyber oversight and policy to the White House cyber coordinator and to the Department of Homeland Security. Yes, they still played a role with things such as cyberstat or the Federal Information Security Management (FISMA) Act, but Vivek Kundra, the first federal CIO, and Steve VanRoekel, who departed as federal CIO in September, had little real appetite for cybersecurity policy.

Finally, Schneider’s move to OMB also will help create a bond between the White House and the Defense Department among the technology community that has been missing over the last five years. I’ve been told several times over the years DoD’s participation with civilian agency CIOs has been lacking ever since Dave Wennergren left the CIO community.

Along with Schneider’s move, several other well-known IT community members are changing jobs.

Shawn Kingsberry, the CIO at the Recovery Accountability and Transparency Board, is leaving government Oct. 18 for the private sector.

Kingsberry confirmed his move in an email. He said he will be joining TASC as its director of cloud services.

“This is an awesome opportunity to help the federal government expand the use of 21st century technology and business approaches,” he said in an email. “My focus will be on all things cloud, which include big data analytics and security.”

Kingsberry has been the RAT Board’s CIO since 2009 and has spent 22 years in government.

The RAT Board jumped into the cloud immediately as it set up its network and data analytics. Kingsberry pushed the ball forward using the cloud to better analyze data.

A third CIO on the move is Kevin Kern. He’s left the Immigration and Customs Enforcement directorate at DHS after only four months on the job.

ICE brought in Kern under special hiring authorities in May to serve as the acting CIO after Thomas Michelli moved to become the deputy CIO at the Coast Guard in February.

Industry experts expected Kern to be the next permanent CIO, but obviously that either didn’t happen or he got tired of waiting. ICE issued a job announcement for a CIO that closed in June.

Two other personnel tidbits — Dick Gregg, the recently retired assistant secretary of the fiscal service at the Treasury Department, didn’t stay on the golf course for too long. He joined H.J. Steininger as a managing director. Gregg will focus on federal financial management, including shared services and the Digital Accountability and Transparency Act (DATA Act).

Martha Przysucha has taken a detail to NASA to be its digital services director. She comes to NASA from the General Services Administration, where she spent the last three years as the director of policy, management and outreach in the Office of Governmentwide Policy.

If health IT is your expertise and passion, then the Department of Health and Human Services’ Indian Health Service has the perfect job for you. Oh, and if you feel like you’ve read this post here before — well, you have. This is the second time IHS posted a job announcement on USAJobs.

Not sure why the Indian Health Service is reposting, but it’s still an interesting position.

IHS is seeking a new director of the Office of IT and CIO. In this Senior Executive Service position, the CIO oversees one of the most advanced agencies when it comes to using technology to serve its constituents, Native Americans and Alaskan Native populations. Howard Hays still is the acting CIO. Applications are due Oct. 17.

The Obama administration’s strategic sourcing program has been beset by protests from unhappy vendors. But now the White House is hearing complaints from a larger, well connected constituency, the AbilityOne program.

More than 50 lawmakers wrote a letter to the General Services Administration Sept. 12 questioning its compliance with the Javits-Wagner-O’Day (JWOD) Act, which requires agencies to purchase specified products and services through the AbilityOne program. The AbilityOne program supports nearly 50,000 individuals who are blind or have other significant disabilities in manufacturing and services roles.

GSA, which is leading the acquisition part of the Federal Strategic Sourcing Initiative, has come under scrutiny for its Office Supplies 3 acquisition. The National Industries for the Blind protested OS3 twice over the inclusion of “brick-and-mortar” stores in a specific section of the contract. The Government Accountability Office denied NIB’s first protest and dismissed its second one.

But NIB’s protests of OS3 and other growing concerns about how GSA is ensuring compliance with AbilityOne prompted the lawmakers’ questions.

Lawmakers want to know:

• What has been the performance of GSA commercial contractors with regard to maintaining the AbilityOne mandatory status? How has GSA managed non-compliant contractors?
• What mark-up does GSA apply to AbilityOne products sold through GSA Global Supply?
• What specific policies will GSA follow to ensure that commercial contractors comply with the mandatory requirements of the AbilityOne program?

“We ask GSA to work with us, the AbilityOne Commission, and National Industries for the Blind to guarantee compliance with the JWOD Act and further the goal of creating long-term, stable employment for Americans who are blind or who have other significant disabilities,” lawmakers wrote.

GSA, in part, responded to the concerns of lawmakers by posting a blog by Bill Sisk, deputy commissioner of the Federal Acquisition Service.

Sisk wrote GSA has long supported the goals and people who are part of the AbilityOne program, and will continue to do so as the agency modernizes its schedule contracts

“The future of GSA’s Supply Transformation efforts shifts us to a model that will result in a more efficient supply chain, faster delivery times and better prices for our agency customers,” Sisk wrote. “This new approach will continue to strengthen our long-standing partnership with the AbilityOne program while at the same time using the capabilities of our vendors to directly support GSA’s customers, simplify federal acquisition, and over the next five years save taxpayers a half billion dollars.”

Sisk said GSA’s support of AbilityOne is strong today and will continue in the future. In fiscal 2013, GSA’s Global Supply sold more than $228 million worth of AbilityOne products, representing 22 percent of its business. So far in 2014 through August, GSA said AbilityOne received fewer total dollars, $191 million, but a larger percentage of their overall sales, 31 percent.

“Under Supply Transformation, GSA is closing its distribution centers in New Jersey and California, and transitioning to a model that streamlines distribution by having vendor partners directly store and ship our products,” Sisk wrote. “During the current transition, and after the complete implementation of the Federal Strategic Sourcing Initiative (FSSI), all vendors must be authorized AbilityOne distributors before they can be considered as vendor partners for GSA Global Supply.”

He added GSA will conduct “spot checks” for compliance with the AbilityOne rules to make sure vendors are not offering or shipping commercial items that are deemed equivalent to AbilityOne products.

“GSA works closely with AbilityOne to identify ‘Essentially the Same’ items, to communicate to vendors which product offerings are valid, and verifies compliance with random checks,” Sisk wrote.

Congressional interest in FSSI is expected to continue to rise over the next year as the House Small Business Committee is seriously concerned over the program’s impact on small businesses. And as the White House pushes GSA to put more products and services under FSSI, other constituencies likely will raise concerns to Congress. The big question is whether other committees, beside the small business ones, take notice over the changing nature of how the government buys products and services.