Themes from the GITEC Summit 2018 Event

The GITEC Summit of 2018, held from April 22nd-24th, hosted five government/former government keynote speakers plus dozens of panelists from a variety of agencies in different track sessions and roundtable discussions. Popular IT topics such as artificial intelligence and machine learning (AI and ML), blockchain, cloud, shared services, cyber and acquisition spanned much of the conversations that took place. The goal of the event, from my perspective, was to exchange ideas on how to take government modernization to the next level. Through it all, two recurring themes arose from the occasion: how to engage the government workforce and the types of projects ideal for government transformation.

Workforce Challenges and Engagement

It is no secret that government faces a change-averse culture with folks proceeding with caution and doubt when it comes to modernization. For example, when asked during a panel discussion on modernization and CDM what his biggest challenge in cyber was, Kevin Cox, Program Manager of the CDM program at DHS, responded that workforce issues hinder his capability to move forward. If the workforce is not rolled up then the agency will not be able to respond to cyber incidents, he explained. Guy Cavallo, Deputy CIO at SBA, agreed and stated that workforce gaps in cyber play a role in the challenges he faces. “Do we have the workforce and if not, is there a contract we can use to fill the gap? Right now, contracting and hiring are both just too hard.”

However, several panelists offered up their solutions to engaging their internal government workforce, building a pipeline of future employees and the ways contractors can help in both.

Cavallo stated that there are three approaches to radical change: leverage the federal staff and take the time to get them re-trained, contract everything out quickly to move faster and then train staff in one day upon contract completion or third, a hybrid of the two, put federal staff with contractors side by side the whole time to learn as they go. This third method seemed to be the most successful at SBA.

At the FBI, Deputy Assistant Director of the Cyber Division, Howard Marshall, described an intense six month internal training program for staff in a non-related cyber role. Training entails a combination of classroom learning and hands-on assignments over the prescribed period. Moreover, the bureau is starting to recruit future employees at the high school level, conducting early background checks and offering paid summer internships during college years in the hopes of selling the mission by the time those students graduate.

Perhaps it was Scott Finke, IT Senior Advisor of the Architectural Research Service at USDA, who described it best when speaking of workforce and modernization. “A key effort in modernization will be ensuring the success of the people, those carrying out the modernization efforts because no system runs itself.” Finke explained that training plans and strategies were being baked at the onset in the upcoming initiatives the Centers of Excellence (COE) plans to achieve at the agency.

Low Risk, High Impact

Keynote speakers and panelists stated at multiple times that modernization cannot initially take place with high-risk projects due to the amount of auditing and security threats the government faces. Rather, modernization in technologies must begin with smaller, low-risk projects.

When discussing cloud computing, Finke stated it is the USDA’s intended outcome to have an enterprise-wide cloud strategy with implementation momentum. To achieve this, DHS will start with areas of “low hanging fruit” and then move to applying the cloud in mission critical systems. Likewise, Marshall from the FBI stated that AI is being implemented at the micro level right now. The technology is not being used at entire field offices, much less at a macro level for the agency. Mittal Desai, CISO at FERC, agreed with the “small to big’” approach when it comes to implementing On-going Authorizations (OA) for systems. Desai stated that his agency decided to move everything to OA at once and encountered several issues in doing so. Instead, he recommended starting with smaller systems and scaling out, breaking out implementation by control steps and eventually applying OA to all.

However, Adrian Monza, Chief of the Cyber Defense Branch at CIS/DHS, offered a bit of a different perspective when it came to implementing OA. While he agreed that OA must be implemented one piece at a time, he stated that his office started with a system that would have a high-impact on the agency. While admitting it was a calculated risk, Monza stated it was easier to implement from an organizational alignment standpoint. Working successfully on a project with high-impact paved the way for further initiatives to take place, he explained.

Industry Help

When it comes to modernization, how does industry play a role in addition to filling workforce gaps, providing training and targeting specific projects within Government? By understanding the missions of the agencies and sharing successful use cases with key government leaders. For example, Evan Lee, CTO at HHS, states that AI is not only a software or package the government can go and buy. It is not an all-in-one solution. Rather, it is a part of the process to solving problems. Thus, those in industry must look at the mission and understand its problem gaps and apply the solutions there.

Moreover, when it comes to modernization, government is depending on industry to inform them of what is out there and why it should be implemented. Edward Davis, Deputy CIO at the Corporation for National and Community Service, explained that when the agency began looking at cloud a few years ago, he turned to his own contractors to communicate with him the cloud perks and options available. When it comes to shared services, Davis continued, there is little incentive for agencies to take on such a service aside from federal mandates. Contractors could be helpful in this area by presenting success stories to convince government to be more adept to shared services.