Every day around 2 p.m., Federal Chief Information Officer Suzette Kent and Federal Chief Information Security Office Grant Schneider hold a call with agency CIOs and CISOs to discuss problems, challenges, concerns or just to check in to make sure networks, applications and IT staff are handling the stress of the increased demand.
The call, according to agency CIOs who participate, is all about collaboration and figuring out how to best ensure agency technology is giving employees what they need to work through the coronavirus pandemic.
“There is no grand standing. It’s all about asking what needs to be done and getting it done,” said one agency CIO, who requested anonymity because they didn’t get permission to talk to the press. “It’s been really good communications and solid leadership.”
The calls, however, are more than just the usual check-ins and performing the duties of a good managers; it’s a leadership test across the government.
Insight by Kodak Alaris: Practitioners provide insight into how states and the IT industry are dealing with Real ID in this exclusive executive briefing.
“The IT community knows where to go if we have a problem,” said Dorothy Aronson, the CIO at the National Science Foundation, in an interview with Federal News Network. “We have also been talking about what upcoming OMB deadlines may need to be discussed and possibly moved. It’s all a part of the communication. If we find a pressure that is artificially generated, Suzette is open to having discussions.”
While the call helps drill down into specific challenges, the Office of Management and Budget’s recent technology focused memo helped set the broad expectations across government.
“The memo is emphasizing all the things that should be top of mind for CIOs and their teams,” Kent said in an interview. “CIOs and their teams are working around the clock aggressively to meet demand and make sure agencies are still covering their mission functions.”
Kent said it’s not just CIOs, but the Department of Homeland Security and industry partners too.
The Cybersecurity and Infrastructure Security Agency (CISA) at DHS has brought additional cyber tools to bear to help agencies deal with potential or real threats that are emerging because so many employees are teleworking.
“The tools are more focused on internet type of traffic,” Kent said. “Everyone is acting with urgency not only inside the federal government, but also the vendors we are working with. We have been inundated with offers from vendors. We are collecting all those offers and going through them in a way that’s efficient to decide what we can use.”
Kent said her office has talked with the internet service providers and telecommunications companies about how they are scaling up to meet demand and to make sure the security tools are in place on those networks.
“We started preparing for this a few weeks ago. Agencies did individual assessments of their capacity and took actions then to size it,” Kent said. “Right now over the last week and into this week, we see those investments in modernization, like moving to the cloud and the scaling that comes with it, prove the value and give us the results we wanted to see. Agencies are able to go from volumes of a snow day in a region to much larger scale volumes across the country. We’ve done virtual private network testing, and vendors have been very responsive to scale up licenses and with technical tweaks that agencies needed.”
Kent and other CIOs say the value and benefits of new tools and technologies implemented through IT modernization efforts are paying off now more than ever.
“One of the many changes we made leading up to having so many people telework is we expedited the deployment of the Zoom application,” Aronson said. “We were in the middle of deployment, but pushed it out very quickly in the last few days before the Friday that remote work started.”
The other agency CIO said they had previously deployed the infrastructure and tools to make teleworking easy so it was just a matter of improving the few field offices that had some initial problems.
“Initially some of the offices had challenges scaling up on the VPN, but that’s where industry came in and helped by deploying patches and tweaks to the VPN infrastructure to dramatically increase the number of concurrent sessions. It all happened in less than a day,” the CIO said.
Gordon Bitko, the senior vice president of policy for public sector at the Information Technology Industry Council (ITI), an industry association, and the former FBI CIO, said agency decisions to move the cloud are making remote working possible in a way that it wouldn’t have been five or 10 years ago.
“The delivery of emergency technical capabilities to the government is only possible at speed because of the use of scalable, elastic, cloud services. As a result, agencies that have migrated to modern platforms will be able to maintain basic continuity of operations via remote workers,” Bitko said. “The COVID-19 emergency highlights the need for government IT modernization. There are many legacy systems that won’t be as resilient because they were never designed with this sort of work scenario in mind.”
Matthew Cornelius, the executive director of the Alliance for Digital Innovation, an industry association, and the former OMB cybersecurity and senior technology adviser, said all of these efforts provide more examples for Congress to understand why IT modernization is so important.
“I think OMB will have lots of data that validates how the retirement of legacy systems (and the massive drain of resources in keeping those old operating models alive) and a wide-scale, enterprise embrace of commercial innovation is not just necessary, it’s imperative,” he said. “The Technology Modernization Fund could become a targeted investment vehicle to identify the most cumbersome, antiquated, and insecure systems and operating models and prioritize them for a complete overhaul toward modern commercial capabilities and service delivery mechanisms.”
Some in the House already have recognized the need to move off legacy, proposing $3 billion for the TMF in the initial version of the stimulus bill, which the Senate passed March 25 and the House is expected to approve on Friday. The final version of the stimulus bill doesn’t include any new money for the TMF.
“TMF dollars are about shifting agencies away from complacent operating models and the trappings of technical debt, which prioritizes the status quo and incumbents, towards commercial innovation and modern ways to delivering citizen services,” Cornelius said.
To be clear, not every agency is experiencing high quality technology.
A Federal News Network survey of more than 1,000 federal employees found continued technology challenges for those who want to telework.
The comments from employees ranged from not having proper equipment like laptops to managers telling them the network or VPN can’t handle the increased load.
One respondent wrote, “Technical performance is severely lacking. Working for a long time requires setting up a decent environment just for work!”
Several federal employees said the VPNs are in place, but are slowed down by the demand of teleworkers.
“The U.S. Air Force servers cannot handle the load. I’ve not been able to access work emails from home 99% of the time during the past three days. Since I don’t have a government laptop, accessing the work servers via VPN is not possible,” the employee said.
Another said, “Usually it’s easy, but VPN is so jammed it’s hard to get anything done.”
And still another: “Decent enough job, but years of ignoring our failing VPN is kicking us in the butt. Also without a CIO now.”
Bitko said OMB’s memo highlights at least one shortcoming in agency technology and mission or business processes.
“As OMB’s FAQ tries to address, there are still processes set up for non-electronic signatures, and agencies will need to figure out acceptable e-signature approaches,” he said. “One additional key challenge that the OMB memo doesn’t directly address is the importance of reciprocity across agencies, especially with regard to security approvals. It’s far too often still the case that products and services approved for use by one agency in their environment need to be re-validated by other agencies. That may unfortunately slow down the ability of some agencies to take advantage of some of the products and services that industry is making available.”
Kent said that nearly every agency had some sort of e-signature capability and just had to expand it.
“It’s a matter of using it and in some cases ensuring that others who are part of the business process accept it. There are a few places where we are still asking for wet signatures, but that’s less about technology and more about the business process,” Kent said. “Here’s what’s really interesting: part of the reason we had to be as forceful as this about e-signatures is people were asking to take printers home so they could print and sign documents. That was not something we wanted them to do. It was also something we had to address as we experienced similar challenges during the lapse in appropriations. This was an alternative that worked for everyone.”