Sonny Bhagowalia, the Treasury Department’s chief information officer since October 2014, has been moved out of his position and put on detail to the Bureau of Fiscal Service.
A Treasury spokeswoman confirmed Bhagowalia’s new position and said he will “focus on a series of important cybersecurity and technology projects” at the bureau.
In the meantime, Eric Olson, the deputy CIO, will serve as acting CIO, the spokeswoman said.
The spokeswoman did not say how long Bhagowalia’s detail would last and didn’t respond to an email asking for clarification.
Insight by the Anomali: Justice Department, DODIN, DHS and IT-ISAC explore cyber threat intelligence in this free webinar.
Usually, when a CIO like Bhagowalia — who has been in his position for almost three years and has had a fair amount of success — gets reassigned to another part of the agency, it raises some red flags.
But this one should sound the alarm bells for all “legacy” federal agency CIOs.
Multiple sources say Bhagowalia likely is the first shoe to drop in the Trump administration’s plan to replace most, if not every, department CIO aside from the ones they named, such as Richard Staropoli at the Homeland Security Department, or Johnson Joy at the Department of Housing and Urban Development.
One source familiar with the administration’s thinking said the current belief in the Office of Management and Budget and White House is that CIOs should be business people, not technology people. The source said, however, the effort to find people with the qualifications they are seeking isn’t going well.
To be clear, the administration is not expected to come in and dismiss every Senior Executive Service career CIO in one fell swoop. It’s more likely to happen in drips and drops, and that’s why the Bhagowalia reassignment is so noteworthy.
And to put a finer point on this, any federal CIO’s job depends on their relationship with the deputy secretary and secretary of their individual agency, so even if OMB wants to sweep the slate clean, the people running the actual agency may have the final say.
It’s unclear in Bhagowalia’s case whether it was OMB, Secretary Steve Mnuchin or someone else’s decision for the detail.
Over the past two decades, there have been discussions around whether CIOs, like CFOs, should be political appointees. It’s unclear whether the administration supports that, but the trend over the last five years is to use Schedule C appointments to bring in CIOs more quickly — just see what HUD and the Commerce Department did under the Obama administration.
To be sure, there isn’t agreement in the federal technology community whether political CIOs make sense.
Over the years, some, such as Roger Baker, the former CIO at the Veterans Affairs and Commerce departments, have been staunch supporters of politically appointed CIOs.
But both the Bush and Obama administrations have rejected congressional attempts to change or write laws to make CIOs political appointees.
For the Trump administration to change out most or all career CIOs into executives who they believe are more business oriented, it would likely have to use the Schedule C process to bring in the new people in an expedited manner and thus create a whole cadre of political technology executives.
An email to OMB seeking comment on plans to bring in new CIOs was not returned.
The source said changing out all or most career CIOs would be disruptive, to say the least, and would hamper the administration’s efforts to modernize and secure government services and systems.
“The administration truly believes they can transform things in this manner,” the source said. “The new CIOs would bring a different view, by their current thinking. But it’s just not true.”
This also leads down the path of the status of the federal CIO and federal chief information security officer.
OMB told me in May that they expected to have a new federal CIO this summer.
But recent events seem to insinuate that a new CIO may not arrive until the fall or even winter.
During the Tech CEO summit in June at the White House, Chris Liddell, the Office of American Innovation lead and assistant to the president for strategic initiatives, asked private-sector executives for suggestions for senior-level technology experts to come do a stint in government.
More recently, the White House and OMB circulated, once again, the job description for the federal CIO.
Another source confirmed the White House continues to reach out to the community seeking recommendations.
“A number of people have suggested names and referred people, but I don’t know where they are in the process,” the source said. “A new call went out in the last week or two.”
The federal CIO’s job description offers some insights into the administration’s thinking, too.
For instance, the job description isn’t necessarily focused heavily on the business side of the job.
“The federal CIO should have a range of experience in disciplines of transformational leadership, cybersecurity expertise, portfolio governance/oversight, strategic policy development, legislative process, technology/engineering/architecture, operational implementation, and metrics and measures,” the job description stated. “Operating Model: The FCIO is charged with setting IT strategy, facilitating cost effective and timely implementation of IT investments in federal agencies, and monitoring govern wide mission impact and results. The workflow across OFCIO mirrors and encompasses all aspects of the information systems lifecycle of product and service delivery.”
The job description also discusses the role of the federal CISO, opening the door that the administration plans on hiring one.
In describing the offices the federal CIO would oversee, the description stated:
“The federal Chief Information Security Officer’s (CISO) responsibilities include setting a governmentwide vision for continuously improving the cyber posture of both the federal government and critical infrastructure sectors in conjunction with authorities promulgated by both OMB and the Department of Homeland Security. The deputy CISO assists the CISO in the development and implementation of the larger cybersecurity vision for the federal government. The CISO is the key liaison for government to government interaction on cyber matters and also leads an integrated cybersecurity approach developed for private sector entities. The CISO leads engagement with agencies regarding cyber posture, FISMA performance, incident management and adoption and achievement of milestones within government-wide initiatives such as the Cybersecurity National Action Plan and the Continuous Diagnostics and Mitigation (CDM) Program. The CISO conducts Cyberstat reviews and provides technical assistance to agencies to achieve goals. The CISO maintains external stakeholder engagement and strategic cyber partnerships such as, but not limited to, integration with the Department of Homeland Security, the President’s Commission on Cybersecurity, industry engagement regarding best practices and solutions, and coordination with NIST on standards. The CISO leads coordination of appropriate measures and metrics to drive improvement in cybersecurity posture across the federal government and aligns closely with the agency engagement team under the deputy federal CIO to ensure all metrics are coordinated.”
An email to OMB asking about the status and plans for hiring a federal CIO and CISO was not returned.
So here we are six months into the new administration, and many key management positions, including the director of the Office of Personnel Management, the administrator of the General Services Administration, OMB’s deputy director for management, the federal CIO, the administrator in the Office of Federal Procurement Policy, and many others, remain unfilled, and in many cases unknown for what the future looks like.
If you add to this a potential plan to clean house of legacy career CIOs, federal management efforts surely are on uncertain footing.