Cloud computing has become virtually synonymous with IT modernization throughout the Federal government. But the government’s cloud record has been anything but consistent and predictable, making the effort to measure progress and plan for IT modernization efforts called for by Congress and the Trump administration nearly impossible.
These two challenges—modernization of Federal IT systems and the need to move to more cost-effective and agile cloud architectures—will likely go down as two of the biggest frustrations of former Federal Chief Information Officer Tony Scott, who pushed hard and valiantly to steer the ship of government in these directions.
But Scott, along with the help of the Federal CIO Council, left the incoming Trump administration with an invaluable treasure trove of insights into the State of Federal Information Technology in a report released just one day before President Donald Trump took office. In candid interviews with Scott and dozens of CIOs, deputy CIOs, chief information security officers, and numerous Federal IT managers, the 155-page report characterizes 2017 as a “crossroads” for Federal IT policy, oversight, and modernization, particularly in the area of cloud computing.
Federal agencies are projected to spend more than $2 billion on cloud computing services out of a total of $80 billion in IT spending in FY 2016. “However, while agencies see value in adopting cloud-based solutions they continue to face challenges in doing so,” the report acknowledges. “Longstanding Federal procurement policies, geared towards long-term, large-scale investments, do not always support the more incremental, agile acquisition model (e.g., only buy additional capacity when it is needed) offered by cloud providers.”
CIOs also reported significant instances of confusion about Federal cloud policies and the impact those policies have on cloud service providers. “For example, the implementation of Trusted Internet Connections (TIC) requires the usage of specific government and commercial access providers, with validation checks provided by the Department of Homeland Security. A number of agencies stated that it was unclear as to whether their cloud-based providers were TIC-compliant, and the issue was further complicated by uncertainty over which policy should take precedence,” the report states.
“Additionally, the risk of vendor lock-in and concerns around multi-tenancy and data sovereignty continue to be issues,” according to CIO input to the report.
Security remains a central issue for CIOs as they contemplate moving Federal data to the cloud. And when it comes to Federal cloud security, the 800-pound gorilla sitting in CIO offices across the government is the Federal Risk and Authorization Management Program (FedRAMP), established by OMB in 2011 to provide a standardized approach across agencies for conducting security assessments, authorizations, and continuous monitoring of commercial cloud solutions.
But Federal cloud adoption rates continue to suffer. As a part of 2016 PortfolioStat, OMB set a governmentwide target of 15 percent for cloud computing adoptions. “Currently no agencies meet that level,” the CIO Council report states. “OMB also looked at FedRAMP utilization as a proxy for success adopting cloud computing solutions, but until the 2016 launch of the FedRAMP Dashboard, it was difficult to evaluate the level of agency re-use of FedRAMP packages for additional cloud provider authorizations.”
MeriTalk has documented the many trials and tribulations of the FedRAMP assessment process, including the high cost and lengthy procedures involved in obtaining a FedRAMP certification, as well as the lack of transparency in the program and the failure of agencies to share authorizations. Despite a concerted effort by the FedRAMP program office to streamline the certification process, the CIO Council report reveals that many of the same challenges continue to frustrate CIOs.
In a startling conclusion, the CIO Council report stated, “FedRAMP has not accelerated safe adoption of new cloud services.”
CIOs reported frustrations with the program’s inability to deliver on the central promise of assess once and use many times across government. In addition to not being able to find other agencies’ authorization packages for cloud services for potential reuse, there are still serious frustrations about unrealized cost savings and the need to conduct separate authorizations.
“Even once FedRAMP has issued an approval, I still need to do my own [certification & accreditation]–where is the cost savings?” one Federal CIO said. “Others indicated that FedRAMP takes so long to authorize a provider that it is not in the agency’s interest to participate. Further, even if a FedRAMP authorization is in place, the agency must conduct its own complete ATO,” the report states.
To learn more about effective cloud computing strategies, join MeriTalk on Feb. 8 at the Rayburn House Office Building for a Cloud Computing Caucus Advisory Group Hillversation. Hear from Federal and state agencies on their cloud strategies and how government can navigate the journey to the cloud. Click here for more information.
CIA historians have written entire books on how agency officials and analysts should get to know different presidents and how to most effectively communicate vital intelligence information to the most powerful person in the world. The truth is it has very little to do with the intelligence collected on Russian hacking activities. Many of those same officials—all of whom spoke on condition of anonymity due to the sensitivity of the subject matter—describe an already tumultuous web of relationships among the most 
Coalfire, the No. 2 FedRAMP 3PAO, announced last month it has acquired Veris Group, the leading provider of the mandatory security assessments for cloud service providers that want to sell their products and services to Federal agencies. The acquisition gives Coalfire nearly five times the number of FedRAMP authorizations as 
The inspector general for the Department of Homeland Security lodged an objection to the way the Transportation Security Administration handles information it deems Sensitive Security Information in a recent report on IT system security. TSA redacted six pieces of information that it considered SSI from the report. However, this information had already been publicly released in previous OIG reports. “None of these redactions will make us safer and simply highlight the inconsistent and arbitrary nature of decisions that TSA makes 
The report said that President Obama made the mistake of expecting that the incorporation of Silicon Valley executives in decision-making would automatically advance the United States’ cybersecurity prowess. The government is a complex system with different rules, relationships, and procedures than the typical technology company, which is one reason why these partnerships haven’t worked, according to the report. “There is no technological solution to the problem of cybersecurity, at least any time soon, so turning to technologists was unproductive,” 
The app is significant because of President-elect Donald Trump’s promise to issue a temporary moratorium on new agency regulations that are not compelled by Congress or public safety in order to encourage businesses to hire more workers. Trump also announced that “for every one new regulation, two old regulations must be eliminated.” The app allows users to search for regulations based on when they were completed, if they’re still being reviewed, or by agency. There are 96 regulations pending and 98 regulations recently concluded 
More and more Federal agencies will adopt bring your own device policies in 2017, and industries will keep up with solutions to secure the devices, according to Glenn Roth, Citrix senior systems engineer for U.S. public sector. Several Federal agencies, including some of Roth’s customers, already have BYOD policies, which allow employees to work on their own laptops or tablets. The system of allowing employees to use their own devices offers opportunities for agencies to save money on Federally funded devices. Also, Roth said that employees are generally more comfortable working on their own computers than on 
The U.S. government has not done enough to support the Internet of Things, which could cause the nation to miss out on social and economic benefits, according to a Center for Data Innovation report released last week. The report acknowledged that the government has participated in many small projects to help IoT, but these projects are insufficient to foster the growth of this technology as quickly as would be “desirable.” The report suggested a large-scale, coordinated government effort, such as a national strategy for the Internet of Things. The act also advocated for a national IoT strategy. “As the Obama administration draws to a close, it is unlikely the Federal government will make significant additional progress toward a national strategy,” 
As the holidays roll around, the MeriTalk staff compiled a list of helpful technology gifts for agency employees. The gifts range from serious to silly depending on each agency’s mission and technology needs. Check out
During the event, consortiums were touted as a way to address important S&T issues. The industry day, held on Dec. 5 in Menlo Park, Calif., served as a way for tech start-ups to learn about funding opportunities within S&T. The department has hosted five industry days prior to this one; this particular event sought out companies that could provide defense solutions for 
President-elect Donald Trump met with technology executives Wednesday and asked them for their opinions on trade. “There are a lot of border restrictions and a lot of border problems,” Trump said during the meeting in New York. “I’m here to help you folks do well,” 
Tom Wheeler, chairman of the Federal Communications Commission, announced that he will leave the agency on Jan. 20, 2017. “It has been a privilege to work with my fellow commissioners to help protect consumers, strengthen public safety and cybersecurity, and ensure fast, fair, and open networks for all Americans,” Wheeler said in a statement. The Republican commissioners have vowed to overturn net neutrality and other Wheeler-era regulations once the commission enters 
A lack of clear technology policy established during Donald’s Trump’s campaigning and preparations as president-elect is making it difficult to determine what the future of tech policy is going to look like, according to experts speaking at an Information Technology Innovation Foundation (ITIF) 
My Capitol Hill listening post has picked up strong signals that Mark Busby, the former program manager for the Department of Justice’s Data Center Transformation Initiative, earlier this month took over as the new chief technology officer at the National Archives and Records Administration.
Tenable Network Security announced it has hired former RSA President Amit Yoran to take over as the company’s new chairman and CEO.
My Fort Meade eavesdropping station has picked up indications and warnings via the Project on Government Oversight that NSA Director Adm. Michael Rogers has recommended the termination of George Ellard as the agency’s inspector general. According to unconfirmed intelligence picked up by POGO, a review board determined that Ellard–who has publicly criticized NSA leaker Edward Snowden for not approaching the IG before leaking data to news outlets–had retaliated against another agency whistleblower.
Despite new policies designed to give chief information officers more spending power, some Federal CIOs don’t see any improvement in acquiring the technology they need to keep their systems secure. Luke McCormack, CIO of the Department of Homeland Security, said that whether or not MGT passes the Senate, systems will remain unfunded. Despite this, claims that the fund will cost about $9 billion prevent an agreement 
The Department of Veterans Affairs this week launched a new website to raise awareness of the agency’s Digital Health Platform–a cloud-based approach to integrating veterans health data to produce what the agency calls real-time, analytics-driven, personalized care. VA’s current EHR, known as VistA, is a 40-year-old system that the agency continues to modernize while it debates a potential commercial replacement. According to the new website, “DHP provides a comprehensive dashboard spanning a veteran’s 
The third and most recent FITARA scorecard was released Dec. 6. DOT, which has received overall D’s on the previous two scorecards, received an F+ this time around. A spokesperson said that the report card does not reflect the 
A majority of the 24 major agencies defined under the CFO Act are expected to meet the deadline to begin reporting their spending information. Under the Digital Accountability and Transparency Act of 2014 (DATA Act), Federal agencies are required to begin reporting their spending information to the Department of the Treasury and the Office of Management and 
Incumbent: Gundeep Ahluwalia
Incumbent: Jonathan Alboum
Incumbent: Sonny Bhagowalia
Incumbent: Sylvia Burns
Police departments across the country that received Federal grants for body worn cameras are concerned about sharing information with the agencies responsible for this funding. Some police departments have gone so far to as to say they would not share body camera footage unless Federal agencies compelled them. Body cameras that are turned on all the time can be a double-edged sword. While these constantly running devices could potentially improve officer accountability in certain cases, there are also situations in which this content 
An effort led by Sen. Ron Wyden, D-Ore., to block or delay changes to Rule 41 of the Federal Rules of Criminal Procedure failed to pass the Senate floor on Wednesday, causing the changes to the rule to go into effect at midnight on Dec. 1. The changes will allow law enforcement to obtain warrants to search computers in an unknown location and to search any device that the hacker has broken into, potentially granting access to multiple privately owned computers with one warrant. The ACLU is disappointed that Congress did not halt 
IBM suggested a new model of education, which includes six years of high school, in a letter to President-elect Donald Trump from Nov. 15. Ginni Rometty, chief executive officer of IBM, said that there will soon be 100 schools that follow this method across the country. After their third year, they’re eligible to take at least 
President-elect Donald Trump during his transition is relying on two American Enterprise Institute contributors for advice on technology policy, which consists of calls for deregulation of the National Security Agency and an end to net neutrality: Jeffrey Eisenach and Mark Jamison. Eisenach said the government should create a Federal Cybersecurity Service, a civilian agency with the NSA’s cyber defense assets and the powers of the military and law enforcement to react to cybersecurity problems without having to go through the obstacles of gaining permission from other levels of government. In Trump’s YouTube video, which outlines his plans for his first 100 days in office, he said he would allow the military to develop and use offensive cyber capabilities; however, that poses a problem for the protection of private companies that have been the 
Rep. Gerry Connolly, D-Va., spearheaded a letter signed by 15 members of the House Foreign Affairs Committee to request that the committee hold a hearing on the attempts by foreign powers to influence the U.S. presidential election. “It is our hope that a potential hearing would address what interference took place, how it happened, and how we can prevent such actions going forward, in order to preserve the integrity of the U.S. electoral process,” Connolly told MeriTalk. “Electronic security is an important aspect, but not the only potential form of foreign interference in U.S. elections.” “Ranking Member (Eliot) Engel, one of our most cherished institutions, democratic elections free of foreign interference, is in question,” 
Leaders of the University at Albany, State University of New York’s cybersecurity program are working on internship opportunities with companies in the area for students to gain cybersecurity experience. The program divided $1 million in grant funding evenly among five academic institutions to support cybersecurity education among students. Between 250 and 300 students are enrolled in UAlbany’s cybersecurity program, which includes a master’s track, as well as accounting and 
The Department of Education has plans to build a Federal database of student information, which has sparked protest from privacy groups. The Federal unit records system would include information on student performance throughout school and track students into their careers. Supporters said that the database will help inform policy decisions and enable students to make better choices when it comes to higher 
“What we need to start thinking about now is not how we defend against a President-elect Trump, but how we defend the rights of everyone everywhere,” according to Edward Snowden, the National Security Agency contractor responsible for leaking information about the U.S. government’s mass surveillance program in 2013. Snowden said the Internet is a tool that was built to empower people, but too often it is used by authoritarian governments to disempower dissenters. To overcome this problem, Snowden said that technology companies need to ensure every communication system is “protected by default” from end to end 
In the “Wild West” of augmented reality applications, the U.S. government has to balance the concerns of helping to protect consumer privacy and security while also leaving room for companies to freely innovate, according to witnesses at a Senate Energy and Commerce hearing. It doesn’t always feel like there’s a sheriff out there to help out,” said John Hanke of Niantic. On the other side of the spectrum, white hat hackers, whose aim is to discover vulnerabilities in AR software and help companies patch them, worry that they will be prosecuted for their work. “We worry that our reverse engineering or our attempts to figure out what the flaws might be with a device will be met with legal 
Agency Twitter use has become an important factor in communication between the Federal community and the public. Agencies that have the best Twitter strategy, such as the State Department, tend to have been present on Twitter for the longest and have picked up the most followers. MeriTalk studied the Twitter accounts of 15 agencies to determine number of followers, number of tweets, and year that the Twitter accounts were created to determine which agencies are the most successful on the 
The incoming Trump administration plans to get rid of 18F, the digital services team located within the General Services Administration that has been criticized recently for its spending practices, according to a senior administration official. “People that have actual IT experience will be put into positions,” said the official, who spoke to MeriTalk on condition of anonymity because of the sensitive nature of the transition discussions. Republican Donald Trump won the presidential election on Nov. 8, raising questions about what lies ahead 
Farmers should save their cows’ numbers in their phones because cows can now send farmers a text message when they’re feeling under the weather. The farmer maintains a base station that reads all of the data from each of the cows, adds the real-time data to the outdoor temperature and humidity, and then uploads it to the cloud. The system can also email a veterinarian to make an appointment for the farmer, to ensure the cow’s illness can 
The Internet of Things (IoT) is a great tool for those with disabilities, experts say, but government and industry can do more to ensure that IoT devices are accessible by all, through the implementation of universal design. “The Internet of Things offers opportunities to increase independence by reducing the need for personal assistance at home,” said Daniel Castro, vice president at the Information Technology and Innovation Foundation, adding that smart pill bottles, sensors in the home, and advances in assistance robots would enable people with disabilities to live at home or alone while still ensuring quality care. “These technologies have potentially enormous benefits for people with disabilities, but these benefits are by 
The General Services Administration will start a council of agency Web and digital directors by Dec. 8, according to a 
The National Institute of Standards and Technology announced the release of CyberSeek, an interactive map that shows cybersecurity job availability by both state and locality. At the time of publication, the map showed nearly 349,000 cybersecurity job openings nationwide and a total employed cybersecurity workforce of more than 778,000. The website also includes a Career Pathway section, which provides job seekers and those looking to get into cybersecurity careers with entry-level positions, salary statistics, and potential career pathways. The tool is also designed to help employers find areas of the country with a high saturation of cybersecurity workers, as the current market has more open positions than workers 
MeriTalk conducted a Q&A with Filippo Menczer, a professor of Informatics and Computer Science and the director of the Center for Complex Networks and Systems Research at the Indiana University School of Informatics and Computing. In May 2016, he and his team launched the Observatory on Social Media (OSoMe), a big data hub for people to analyze 
Censeo Consulting Group worked with Cyrrus Analytics and Hettinger Strategy Group to create the report “FITARA at a Crossroads.” MeriTalk summarizes the 10 recommendations. GAO would continue to audit the government’s ability to meet legislative requirements. If GAO could access OMB’s agency data, which is more detailed than the information stored by any other entity, they would be able to make more accurate assessments. The grading criteria need to reflect new fields and provide incentive for