The 2007 policy that is making the move to the cloud more difficult

The 38th annual and final Management of Change conference opened May 21 in Cambridge, Maryland with a lot of uncertainties hanging out there in the federal community. Updates on policies and plans from the Trump administration had been slow to materialize up to that point.

The fiscal 2018 budget release was still two days away when the conference began, and the lack of politically appointed executives — ranging from the federal chief information officer, to the administrator of the Office of Federal Procurement Policy, to the administrator of the General Services Administration, to a majority of the presidentially appointed CIOs — is leaving many agency officials acting cautiously as they wait for new political leadership.

But despite initial concerns, ACT-IAC delivered a solid, informative conference. Below are three highlights of some of the news that drove the conference.

Unfortunately, ACT-IAC announced this was the last MOC conference. The government-industry organization announced it planned to combine MOC with its Executive Leadership Conference (ELC) starting in October 2018 in Philadelphia, Pennsylvania. Generally, this concept drew mixed reviews of the people I talked to. Several like the intimacy of MOC, with only 400 people and an attractive government-to-industry ratio, whereas ELC is much larger, at 800 attendees, and what feels like a larger government-to-industry ratio. ACT-IAC says the ratio is 3:1 just like MOC. I’ll leave that discussion for another time.

So here are my three news takeaways from the final MOC:

TIC requirements and cloud services don’t get along well

Federal chief information officers and industry cloud service providers have a common problem: the Trusted Internet Connections (TIC) requirement.

Both CIOs and vendors agree the TIC requirement was important, necessary and smart in 2007, but today it just doesn’t make sense anymore.

“The concept before the cloud was we knew our perimeter, have our network and we wanted to log our traffic through the EINSTEIN device so we could analyze net-flow traffic and report it back to the Homeland Security Department,” said Susie Adams, Microsoft’s chief technology officer. “Now the perimeter has changed. Agencies are interpreting that all data going out of their network must go through the TIC, so if you are using a virtual private network (VPN) to get a file on your network or using Office 365 in the cloud, you have to go through the TIC and it becomes a huge bottleneck because there isn’t enough bandwidth.”

And it’s not just vendors who are unhappy with the TIC.

State Department CIO Frontis Wiggins told me last month during our Ask the CIO interview that the TIC requirements are adding a level of complexity to the agency’s move to the cloud.

Wiggins said State needs to be sure the email system will run, even if the link back to headquarters through the cloud goes down. He said because all traffic must go through a Trusted Internet Connection (TIC), that makes cloud email more complex than normal.

Editor Jason Miller discusses this story on Federal Drive with Tom Temin

“If we want to collapse all of that into a sustainable environment, I have to make sure I have multiple routes to get to every location and if I have backhaul that traffic, that is where the risk is,” he said.

Adams said DHS and the Office of Management and Budget understand the challenges and began to address it with the TIC overlay for cloud services, but vendors and agencies alike still are waiting.

“We’ve been meeting with DHS for the last three years and agencies have been complaining,” she said. “Everyone knows it’s broken. Former federal CIO Tony Scott got it 2 1/2 years ago. DHS piloted the TIC overlay and started developing the TIC 3.0 requirements, but nothing has been finalized. OMB needs to issue guidance saying agencies can use the overlay.”

The TIC overlay says agencies can go to a cloud provider if the vendor can send log file data back to the agency and DHS.

Margie Graves, the acting federal CIO, said relooking at the TIC policy is a top priority as part of her office’s policy and regulatory review.

“Our expectation is that the architecture will have to change,” Graves said. “The way we designed the TIC in the past was perimeter-based, but in a high transaction environment it causes degradation in services and poor customer experience, and it prevents you from adopting cloud in the manner you ‘d like to adopt it. We have a policy clean out in a process. One of the most important ones is the TIC architecture. We are doing that with DHS as well as looking at how we do authority to operate (ATOs). Those are two things want to tackle.”

The question then becomes how long it will take. As Adams said, the fact that the TIC requirements and cloud services don’t jibe together well isn’t a new problem.

She said in the short term, OMB should issue some guidance to use the TIC overlay and add a few more details for areas like mobile computing.

Adams added that the third phase of the continuous diagnostics and mitigation (CDM) program will help with this challenge because the tools and services will look at the application layer and send cyber data back to the agency-wide and federal-wide dashboards.

In the meantime, agencies are spending more money than necessary to get dedicated connections to cloud offerings, such as Office 365, as a way to not have to go through TIC. This may be good for the telecommunications providers, but it doesn’t make sense, as many agencies are seeing their IT budgets reduced and the administration is pushing for cloud and other shared services.

A biometrics resurgence is happening

In the mid-2000s, agencies jumped on the biometrics bandwagon with an assortment of initiatives.

Some, like the Justice Department’s Next Generation Identification (NGI) system, took off, while others, such as the Homeland Security Department’s use of biometrics for identity cards, struggled.

But like many things in the technology world, a little time, patience and innovation can go a long way, and there seems to be a resurgence of biometrics.

The Defense Department, which has long been at the forefront of biometrics, has bigger plans for the next two years.

Will Graves, chief engineer product manager for biometrics for DoD’s Biometric Enabling Capability, said during a panel that they are working on long-range facial recognition technology that could identify the driver of a vehicle up to 800 meters away and through the windshield.

The goal of the technology is to counter improvised explosive devices in cars and trucks.

In early March, DoD issued a broad agency announcement (BAA) under its Rapid Innovation Fund effort that seems to be fulfilling this requirement.

One of the areas under the BAA is seeking “real-time streaming video face tracking/detection, extraction and matching.”

“Design an end-to-end, turn-key unconstrained face recognition server-based/application to process relevant streaming or multiplexed image and video sources from large numbers of sources,” the announcement stated. “The delivered system shall perform image and video discovery across a media volume, followed by detection and tracking facial identities of interest, retrieval, extraction, analysis of relevant images and video streams in real-time, clustering of facial biometrics, matching facial identities against a watch-list database, and archiving any observed facial identities for future re-identification tasks; the application shall also permit searches of clustered face templates (facial biometrics) against watch-list galleries (‘lights-out’), with user feedback available to edit/update clusters.”

Graves said the other initiative is around near real-time biometrics that includes an assortment of modalities, including contactless fingerprints, facial recognition, video and social media analytics, and irises on the move.

“The goal is for the guards to monitor in real time people and to deter threats before it gets in the base or compound,” he said.

John Boyd, the assistant director of Futures Identity for DHS, said one of the biggest changes for biometrics hasn’t necessarily been the technology, but more the policy that still needs to catch up with usage.

He said DHS is working the Transportation Security Administration through the Transportation Worker Identification Card (TWIC) program on multi-factor authentication for logical access.

“From our standpoint, it is not as big as a challenge around the technology as it is for policy. There are certain authorities and responsibilities that we are working through the challenges of privacy, for example,” he said at the panel.

The panel demonstrated at a high level the continued maturation and growing acceptance that using biometrics will keep facilities safer.

OFPP’s Blum receives well-deserved recognition

The average federal worker probably doesn’t know Matthew Blum, the associate administrator in the Office of Federal Procurement Policy (OFPP). But there is a pretty good chance he’s impacted the working lives of nearly every federal employee and contractor over the last two decades.

Blum is one of the hardest working, most knowledgeable and most under-appreciated federal employees in government today. Over the last 20-plus years, Blum has worked on every major procurement issue and brought a level of professionalism, understanding and overall proficiency that we all should emulate.

At MOC, Blum received some well-deserved recognition by receiving the John J. Franke award.

ACT-IAC gives the Franke award to a federal employee who has made extraordinary and long-term contributions to creating a more effective, innovative and responsive government.

Franke was a long-time government employee who epitomized excellence in public service. His government career included service as a Marine in Korea, a county commissioner in Kansas, the regional administrator of the EPA and assistant secretary for administration at the Agriculture Department. Throughout his career, Franke was known for his commitment to better government, his loyalty and support for those who worked for him, and his adherence to the highest professional standards.

Advertisement

Blum is the third person in his family to work for the government. He said his father worked for USDA for 40 years.

“I’m proud to be a public servant,” Blum said in accepting the award. “My dad believed government was a problem-solver and he took pleasure in being part of a cadre of dedicated civil servants.”

During his career, Blum helped shape the foundational acquisition efforts, including the Federal Acquisition Streamlining Act (FASA), the Clinger-Cohen Act, the Services Acquisition Reform Act (SARA). More recently, Blum led the effort to write the “TechFAR” for acquiring IT in innovative ways.

He also played a role in developing a joint acquisition and IT training programs to promote digital services.

Additionally, Blum led the development of almost every Federal Acquisition Regulation (FAR) to implement legislation, executive actions and other guidance.

“I’m humbled to be recognized by ACT-IAC,” Blum said. “The potential to achieve has fewer boundaries when people work together. When we work constructively to solve problems, we make government better for all of us.”

Well said from someone who truly believes in the real power of good government.

Return to the Reporter’s Notebook

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.