Federal IT leaders discussed how to build mission resiliency and deliver exceptional experiences for employees and citizens by adapting their tools, people, and processes at ServiceNow’s 2021 Federal Forum on March 9.
A resilient mission depends on a resilient workforce with the ability to deliver solutions in a time of crisis, explained Katie Olson, deputy director at the Defense Digital Service (DDS).
DDS, which provides critical technologies and cybersecurity for the Department of Defense (DoD), had to surge through the pandemic to support DoD mission-readiness.
“We start from a foundation of user-centered design to help us understand what the true challenge is,” Olson shared, noting it’s important to make sure teams are solving the right problems. By simply providing access to tools for remote work, Olson’s team helped the DoD onboard thousands of employees and continue critical operations.
By anticipating future challenges and creating a plan to solve them, agencies can take a resilient approach to meet mission requirements, stated Dan Wallace, area vice president for civilian at ServiceNow.
“We’ve all seen the work the Federal government has put in,” he said, and their efforts ensure citizen services are not disrupted.
In addition to the right tools, having the right partners in place is just as important for resiliency. Teams must collaborate with both employees and external partners to carry out the mission and maximize response to disruptions.
“Our focus is on the partnerships,” said Brian Gattoni, chief technology officer at the Cybersecurity and Infrastructure Security Agency (CISA), “no one entity can do it by themselves.”
Partnerships are necessary to identify, manage, and mitigate risks – and bring together government and industry to tackle key challenges, he shared. With the right information, decision-makers are able “to make risk decisions for themselves, to improve their cyber hygiene, and … to be resilient against our nation’s adversaries,” he explained.
Through the recent SolarWinds breach incident, for example, CISA was able to leverage commercial technologies to create a tool that helps incident response teams detect potentially malicious activity.
“Private industry owns and operates north of 85 percent of the critical infrastructure in this nation. It’s critical that they have a partner in the government,” Gattoni said.
While these tools and partnerships build resiliency in government, their implementation does not come without challenges. It’s important to work with people ahead of time before introducing new tools, says Erika Dinnie, associate chief information officer for digital infrastructure technologies at the General Services Administration (GSA). This leads to shorter rollouts with fewer interruptions.
Dinnie shared her department used to have long, dense manuals. Now, when they introduce a new tool, their team holds an ‘Ask Me Anything,’ and provides a one-page visual of how to navigate the tool – efforts that make a big difference in how their employees respond.
Dinnie also said these upfront efforts pay off in the long run and lead to time and cost savings. GSA recently replaced two tools with solutions that were cheaper and were said to have the same functionality. When implemented, the tools functioned differently and were not compatible with existing platforms. “We learned that the hard way,” she said, adding, “in the end, we had to spend more money because we had to bring back similar tools.”
When it comes to building a resilient and secure infrastructure for the future, Gattoni stressed the importance of taking an adaptive approach. “Tools, people, and processes come to the forefront when a situation forces you to replace one to support the other two,” he said.
If new tools are made available but the people or processes aren’t ready for it, the team must consider “how do our processes need to adapt?” and on the other hand, “how does the tool need to be customized to accept our unique processes?” Gattoni said.
Dinnie said GSA focuses on five key pillars: Does this add value to the mission? Does this add value to employees? Does this strengthen our cybersecurity posture? What is the cost to operate? And is this innovative?
“The technology that we’re putting out there has to be a value add,” Dinnie stated, “if it is, we, we try to pursue it as much as we can.”