When it comes to federal technology and procurement, 2020 will be remembered for many things, but maybe most prominently it was the year telework became the norm and not some luxury of a few forward-thinking agencies.
The year that is almost over also proved urgency and emergency can drive agencies and vendors to get hardware and software in place in record time and within federal rules.
Even if we put the COVID-19 pandemic aside for a second—if we can—2020 raised the cybersecurity stress level of agencies and contractors alike more than at any time over the last five years given the recent SolarWinds cyber breach and the rollout of the Cybersecurity Maturity Model Certification (CMMC) and supply chain risk management efforts. The Homeland Security Department’s decision to relax the burden of the Trusted Internet Connections (TIC) requirements as agencies put more applications in the cloud was one of the few welcomed reprieves.
The year also marked the continued rise of cloud services, the increased use of DevSecOps and agile development and everyone was talking about artificial intelligence, machine learning and 5G as they were darlings of the community.
I asked a panel of experts for their take on 2020 around federal IT and procurement.
The panelists were:
Jose Arrieta, former CIO at the Department of Health and Human Services
Mike Hettinger, president of Hettinger Strategy Group
Malcolm Jackson, former CIO at the Environmental Protection Agency and currently the principal director for CIO Advisory Services at Accenture Federal Services
Suzette Kent, former federal CIO
Essye Miller, former Defense Department deputy CIO
Biggest technology and procurement stories of 2020
Which new policy or updated policy from OMB was most significant this year, and why?
Miller: The Cloud Smart strategy set the stage for agencies to better envision the path to cloud adoption as a means to IT modernization. It shifted the conversation from counting data centers to use of emerging technology to support mission enhancement. Unknowingly, this ultimately set the stage for the successes we saw supporting the pandemic.
Jackson: Everything this year was centered around COVID-19. OMB updated its guidance on telework flexibilities in M-20-13, M-20-15 and M-20-19 – all accommodations designed to support broader telework and mission continuity in response to COVID-19, accelerating agencies down the path towards network enhancements, collaboration tools, cloud/platforms and heightened cyber awareness. Prior to COVID, many federal agencies had telework capacity that didn’t support access to capabilities required by the entire workforce. Updating the telework guidance sets the government up to be more aligned with commercial industry’s use of telework. This type of private/public sector parity can accelerate the pace of transformation for the government.
Kent: Although OMB M-20-19, Harnessing Technology to Support Mission Continuity did not introduce any new capabilities, it allowed agencies to prioritize and promote capabilities that were already available, eliminate adoption friction and maximize agency use in ways that further expanded technology and digital tools during the pandemic. This was a proof point of the importance of having clear priority directives from the top of agencies and supporting agency adoption of capabilities.
Hettinger: In my world, the most important OMB policies this year revolved around the response to the pandemic. OMB memos M-20-15 and M-20-16, which provided guidance for federal employees around expanded telework, M-20-18, on managing contract performance during the pandemic and most importantly, M-20-19, which called on federal agencies to harness technology to support the mission as employees and contractors moved to a work-from-home first posture. M-20-19 in particular was critical to adjusting the mindset and providing agencies with flexibility to acquire and leverage the tools they needed–like e-forms and e-signatures–to support remote work. The other key policy issued in response to the pandemic was the interim Trusted Internet Connections (TIC) 3.0 policy issued by the Cybersecurity and Infrastructure Security Agency (CISA). Like the OMB memos, the intent of this interim policy, which was really an offshoot of M-20-19, was to enhance the security of .gov networks against the backdrop of a massive surge in telework. The interim TIC policy has been instrumental in supporting secure remote work environments, enhanced virtual private networks (VPN) and virtual desktops as well as promoting zero trust environments.
What was the biggest surprise around federal IT or procurement this year, and why?
Kent: Many have told me that the pivot to telework, teleservice and new product introductions (CARES Act-related) that moved quickly and performed well were a surprise…I was not surprised because it exemplified the great, often overlooked, work being done by agencies every day toward their strategic agendas. It demonstrated that they took action on cloud-supported solutions, modern email, electronic signature, digital citizen services, connected cybersecurity and scalable vendor solutions. It would be a massive failure for service quality, workforce experience and efficiency if the expansion and focus on these did not continue.
Hettinger: This is a tough question but I think I’ll have to go with JEDI. The fact that DoD stuck to its guns and kept this as a single award despite all of the protests and related legal action is pretty surprising. The easy way out would have been to rebid it, make multiple awards and let the vendors fight it out at the task order level.
Arrieta: I think the biggest surprise from my perspective was the speed with which OMB, HHS, White House Coronavirus Task Force, the Homeland Security Department, the Defense Department and the National Security Agency were able to respond to and drive the pandemic response once the policy direction was established. It is a testament to the training that the career workforce has received over the last five-to-10 years. For example, at HHS, the CIO function when I was the leader was able to fund some work eight hours after a large cyber attack, plan, negotiate and award a contract in less than 36 days, and implement a modern Managed Trusted Internet Protocol Services (MTIPs) fully in 119 days using a blended competitive process. Partnering with GSA, the HHS CIO and the contracting officer were able to drive a discount of over 70%. This is an example of the incredible planning and adaptability within the career acquisition and technology workforce at HHS.
Jackson: Beyond COVID, the biggest surprise was how quickly agencies were able to expedite procurements in support of telework capabilities. Federal procurement officers can learn from this success and embrace similar agile practices moving forward. The pandemic proved that it can be done. Now it can be standardized and used for non-crisis environments as well.
Miller: The speed of technology adoption to support a remote workforce during the pandemic. Agencies were creative, agile and responsive to mission needs. The typical procurement obstacles were not barriers to success. The move toward a cloud environment was already underway. Agencies were already looking at commercial solutions for email and collaboration that met our cyber security requirements. The pandemic made those efforts visible very quickly.