The votes are in for the 2025 FedScoop.

See the winners!

Where DOD’s telework goes from here

The Department of Defense took all of a handful of weeks to get millions of workers on a virtual environment that allowed them to take the meetings and PowerPoint presentations typically hosted in conference rooms and conduct them in their homes. Called Commercial Virtual Remote, it was one of the largest technology lifts the massive enterprise had ever undertaken — and it was just the start.

The DOD is in the closing months of an even bigger lift, what it calls its “enduring” telework solution. But even calling it just a “telework” solution is underselling its scale. It’s a whole suite of systems, from Microsoft’s OneDrive to Excel, that the DOD says once fully rolled out will allow those working from the Pentagon and at home to access a full desktop of services.

It’s the type of work-from-anywhere solution long wanted in the government but that has been difficult to achieve due to security concerns.

“This is darn impressive when you look at where we started,” John Sherman, acting chief information officer of the DOD, told FedScoop in an interview.

Where DOD started was, in the words of one former high-ranking official, “disconcertingly retrograde.” Work collaboration tools that could be accessed outside of the Pentagon and physically off of its internal internet, the NIPERnet, were hard to come by.

The new “enduring” solution, coming mid-June, has been dubbed “DOD365.” Users can expect all the collaboration tools CVR provided, and then some, with added security layers the Pentagon is implementing on the systems.

“Our enduring capability is going to be with us for a long time,” Sherman said.

While DOD is billing its new solution as an expansion away from CVR, some functionality for users will be lost. Currently, CVR allows for any devices — be they personal laptops, cellphones or tablets — to log into the network and access low-security collaboration tools. Come summer non-government-provided cell phones and tablets will not be granted access, and personal computers will need a Common Access Card reader to add another layer of security.

“DOD 365 is not a replacement for CVR,” Sherman said. Instead, it has been a “parallel” effort that targets similar problems with more robust solutions.

Another difference is the backend configuration for the cloud systems that will support the suite of applications. Whereas the CVR was stood up so fast that DOD’s cloud management office had to work literally around the clock to support the launch, DOD 365 is being supported by a multi-tenant cloud system.

The first steps were taken with the 2019 award of the $10 billion Defense Enterprise Office Solutions contract, the DOD’s back-office IT award, not to be confused with the department’s other $10 billion contract for a tactical “war cloud” called the Joint Enterprise Defense Infrastructure (JEDI).

The “federated” approach in allowing agencies and services to stand up their own cloud tenants should ensure that members of the Cloud Computing Program Office don’t need to stop showering and sleeping to ensure the DOD can keep working, as they did during the CVR rollout.

“They are the heroes of the CVR,” Sherman said of the cloud office. “CVR was very centrally managed in [the office of the] CIO.”

Many tenants, but one focus on cybersecurity

Behind the scenes, IT and cybersecurity professionals are working across the department to implement the multi-tenant cloud architecture with advanced security measures approved by the Office of the CIO and Gen. Paul Nakasone, head of the National Security Agency and U.S. Cyber Command. The list of agencies working on the system is almost as long as those who will eventually use it, with a series of working groups and task forces assigned different aspects of the rollout.

There are “a lot of moving parts to this,” Sherman said.

Each of the services will have their own tenancy and the Defense Information Systems Agency (DISA) will support one for the Fourth Estate, the constellation of support agencies.

“This really is a super team sport,” Sherman said.

Not all of those moving parts will be in place by mid-June, but the majority of users are expected to be migrated over by then. And if vaccine distribution continues at pace, the Pentagon is expecting the demand on CVR to go down as more people can safely return to work.

As the program continues development, Sherman said his office’s most critical focus is ensuring the security of the system and its data. With so much of DOD’s work soon to be done on the system, it will be a ripe target for adversaries. Sherman is working to thwart ongoing threats with the added security layers beyond the usual systems.

“By goodness do we need to do this safely,” he said, in his Texas twang.

Part of that safety will come down to users and communicating effectively on what can and can’t be done on the system. It’s a tall order to convey to a force deployed around the world, but one Sherman said his office will be focused on for the next several months.

“This is one of the biggest lifts I have ever done,” he said.

This story is part of a FedScoop special report on the Future of Telework. Read the rest of the report.

Remote work doesn’t mean the end of discovery sprints

Remote work makes it harder for agencies to run discovery sprints to understand problems with their information technology systems, but not impossible, according to U.S. Digital Service technologists.

The federal government’s fix-it team often runs two-to-four-week discovery sprints with new agency partners to better understand their organization, systems and services. And the global pandemic has undoubtedly made the face-to-face interviews such sprints generally require less practical.

That’s one of the reasons why USDS released a Discovery Sprint Guide as an open-source reference for agencies doing similar work updating technology.

“I saw a lot of the same types of questions and challenges come up repeatedly across different types of sprint efforts,” Kat Jurick, who co-authored the guide with Jenn Noinaj, said in an interview. “We had been kicking around the idea of updating our internal sprint documentation for a while, and it just became clear that we needed to write this guide.”

Discovery sprints require interviews with tech owners and users, observation of processes, data analysis, and code reviews — all to ensure any updates accomplish the agency’s mission, Noinaj said.

None of that is as easy when agency employees are working remotely and travel raises health concerns during a pandemic.

Rather than expecting the usual results of a normal discovery sprint, technologists must find creative ways to connect with partners outside of established meetings as quickly as possible, according to the guide. Preplanning the sprint schedule is also crucial.

Knowing what meeting and collaboration tools most people participating in the sprint use will help prevent interviews from developing into tech support calls, according to the guide. Most agencies already use enterprise-wide tools like Webex, Zoom, Google Meet, Microsoft Teams, Skype, Slack, Mural, and Miro that interviewees won’t need to download, but practice sessions can help ensure things run smoothly.

Agencies should plan where interview recordings, ideally made using remote meeting tools, will go and who can access them ahead of time, according to the guide. Secure access prevents sensitive information revealed during screen sharing from becoming public. And test accounts, redacted screenshots, collaborative diagramming and other research artifacts can all be agreed on in advance.

Interviewers should avoid the temptation to open remote meetings to observers, thereby tainting the interview.

“If you are using software that allows the interviewer to control the environment, it may still be fine, but one random observer who doesn’t mute their microphone can quickly tank any trust you have built up during a session,” reads the guide.

Remote team check-ins are needed for regularly touching base when writing the sprint report, and report delivery may be the one time when an in-person meeting is warranted — that or a more polished presentation, according to the guide.

Discovery sprints fail when the team lacks access to buildings, assets and people — the biggest challenge during a pandemic. That said, many agencies have successfully shifted to 100% telework one year into the crisis.

For instance, the Department of Homeland Security chief information officers made sure every agency had teleconferencing and file sharing and access capabilities. And productivity rates improved as much as 25% as a result, said Kenneth Clark, chief data officer at Immigration and Customs Enforcement, during a recent ATARC event.

ICE was already embracing more mobile, agile operations when the pandemic hit. Now the agency is considering where it can save on real estate and IT infrastructure costs by having employees continue to telework or rotate into the office occasionally.

“I think COVID forced us into having that model of remote access and teleworking,” Clark said. “But we already had been looking at how we’re going to be able to move in the new era of trying to increase efficiencies.”

This story is part of a FedScoop special report on the Future of Telework. Read the rest of the report.

5 priorities for the federal RPA Community of Practice in 2021

Agencies plan to generate demand and optimize processes for automation in 2021, among three other priorities announced by the federal Robotic Process Automation Community of Practice’s executive sponsor on Tuesday.

The RPA CoP consists of more than 1,000 employees from 65 agencies planning to encourage their components to invest resources in targeted automations after standardizing business processes, said Gerard Badorrek, who’s also the chief financial officer at the General Services Administration.

GSA has an “Eliminate, Optimize and Automate” program Badorrek wants the RPA CoP to expand governmentwide.

“One of the first pilots we looked at doing, we realized we could simply eliminate the process,” Badorrek said Tuesday during ACT-IAC‘s Digital Transformation Summit.

The RPA CoP has already released a Federal RPA Program Playbook and State of Federal RPA Report and is planning to issue an Eliminate, Optimize, Automate Handbook on process optimization later this year.

Other practice areas the RPA CoP is focusing on are:

The RPA CoP is also placing an emphasis on peer-to-peer engagement this year.

“We want to set up some mentoring between agencies that have solved problems and that are more advanced with agencies that are starting the process,” Badorrek said. “I think that’s going to be a tremendous opportunity for us.”

The RPA CoP already created a use case inventory categorizing RPA instances by functional areas like finance, procurement and human resources. Next, it will update that inventory with common agency RPA applications.

At the same time, the RPA CoP is discussing the possibility of the first governmentwide automation and what that might look like, Badorrek said.

Government made “good progress” on RPA from 2019 to 2020 with 23 agencies responsible for more than doubling the total number of automations from 219 to 460 projects, according to the State of Federal RPA Report.

Agencies saw a 70% increase in average RPA program maturity with eight programs advancing from Level 1 maturity and five reaching Level 4 for the first time as government takes on more complex business processes.

The RPA CoP gauges maturity based on four factors:

Badorrek wants to see even more aggressive implementation of RPA projects in 2021 with more mature agencies taking the lead on collaborations.

“First we need to take an approach that large-scale, governmentwide implementation of emerging technologies is much more effective working as a team,” Badorrek said. “Rather than as individual agencies running their own races.”

CMMC Accreditation Body sees more board members depart

The third-party accreditation body working to implement the Department of Defense‘s new contractor cybersecurity standards announced the forthcoming loss of two key board members recently, the organization announced Tuesday.

The departures of Ben Tchoubineh and Nicole Dean came as a normal part of the Cybersecurity Maturity Model Certification Accreditation Body’s development, leaders of the board said. Both were founding board members, volunteering since the CMMC-AB was incorporated in January 2020 to oversee the accreditation, education and certification process for assessors enforcing DOD’s new CMMC standards.

No new members have been announced to replace the departing members, but both will remain on board to train their replacements.

“Their efforts leave us well-positioned to move forward with a world-class training program,”  Karlton Johnson, CMMC-AB board chair, said in a statement about the two departures.

Tchoubineh, the president of several cyber-training companies, led efforts to stand up training oversight for the Accreditation Body. His departure comes as those training policies are being revamped after an initial round of feedback from industry, including making training compliant with the Americans with Disabilities Act.

“I’m exceedingly proud of the work that the CMMC-AB Board has accomplished to stand up a world-class Accreditation and Certification body in just 15 months and with few resources,” Tchoubineh said in a statement. “I’m humbled and grateful to have worked with so many incredibly selfless and accomplished patriotic volunteers who stepped up to do what’s needed to secure our nation.”

Tchoubineh’s companies could become eligible for contracts and partnerships with the AB to deliver training services once he fully transitions off the AB. While a board member, he has been forbidden by the AB’s code of ethics from any self-dealing. But once gone, those restrictions are lifted on his businesses pursuing work in the CMMC ecosystem.

“As Board members transition, they will be expected to adhere to the Conflict of Interest documents they signed and conduct themselves accordingly. The board remains diligent towards employing strong ethics in all of the organization’s actions and activities,” the AB said in a statement to FedScoop regarding conflicts of interest.

Dean, who is chief information security officer of Accenture Federal Services, has been one of the few women to serve on the AB. In the first months of the AB’s development in 2020, she often led webinars and public communications about the AB’s progress.

“During my time on the CMMC-AB Board, we’ve accomplished many things, and I look forward to building on our successes as a member of the CMMC-AB’s Industry Advisory Council,” Dean said in a statement. “The relationships we’ve forged with the DoD over the last year will ensure the CMMC-AB is able to deliver critical cybersecurity standards for the defense industrial base.”

The board is in the process of trying to recruit full-time professional staff to transition from its current focus on minute details to becoming more of a strategic adviser, a goal it has been trying to achieve for months. 

Carr: FCC must continue freeing up spectrum for 5G

The Federal Communications Commission must continue to free up wireless spectrum, often used by federal agencies, for commercial 5G services if the U.S. wants to maintain its leadership in the space ahead of competitors like China, said Commissioner Brendan Carr.

The senior Republican on the commission proposed a spectrum calendar to free up and auction off airwaves as quickly as possible, during an American Enterprise Institute event Monday.

During the Trump administration, the Republican-controlled FCC opened up more than 6 gigahertz of spectrum for licensed 5G services, in addition to thousands of megahertz of unlicensed spectrum, a trend Carr wants to see continued.

“We need to be clear-eyed about our spectrum policy going forward,” Carr said. “Whether we like it or not, freeing up more spectrum requires FCC leadership that accumulates political capital and has the willingness to spend it.”

Carr’s spectrum calendar for 2021 calls for:

In 2022, Carr wants the FCC to hold an auction for the 1300-1350 MHz band, which federal agencies could vacate by next year, and another auction in the 42 GHz millimeter wave band.

For 2023 and beyond, Carr envisions auctions in the lower 3 GHz band; 4.8 GHz band, which other countries have licensed exclusively for 5G; and portions of the 7.25-8.4 GHz band.

As for 5G infrastructure, Carr wants the broadband maps Congress gave the FCC $98 million to complete finished this fall and not next year.

“Getting those maps is the key to unlocking the funding that will be needed to close the digital divide,” Carr said. “If we need to allocate more agency resources to this effort, then we should do it.”

Carr desires a version 1.0, minimalist approach to the maps to streamline the process. They need only contain information needed to allocate money from the Rural Digital Opportunity Fund Phase II and 5G Fund, Carr said.

The Republican-run FCC practiced a “light touch” approach to infrastructure regulation, and the Democrat-led FCC should continue to make it easier to build 5G infrastructure on federal lands, Carr said. A Federal Lands Desk should be designated to coordinate with federal agencies, he added.

Carr also urged the creation of thousands of tower technician and telecommunications crew jobs in partnership with trade schools and cautioned against subsidizing “overbuilding” in the form of new entrants in the 5G space.

Restoring net neutrality, which would prevent internet service providers from charging different rates depending on the type of communication, is a big issue for Democrats. The Republican-run FCC overturned those protections, and Carr argued the successful performance of U.S. networks during increased pandemic traffic levels was proof it was the right decision.

China has seen a 40% reduction in download speeds, and European countries asked Netflix to reduce its video quality during the pandemic, Carr said.

“We should also see the push for the return to Title II Net Neutrality for what it is: a push for rate regulation,” he said. “Those backing this misguided policy simply refuse to accept the reality that the internet has flourished since we repealed the ill-advised Title II regulations.”

Army working on new cyber, electromagnetic weapons after large-scale test event

The Army recently concluded a large event that tested new cyber and electromagnetic spectrum weapons in its tactical operations.

The event, Cyber Quest 2021, was hosted by Army Futures Command and brought in users from across the service to test 15 new technologies from more than a dozen vendors, senior leaders told reporters Monday. Many of the lessons learned from the 13-day event will be put into procurement requirements documents for new technologies the Army is focused on as part of its broader strategy to deter great power conflict.

“This is unique because of the dialog it allows,” said Maj. Gen. Neil Hersey, commanding general of the Army Cyber Center of Excellence that helped lead Cyber Quest. Hersey said the partnership with industry was a rare opportunity to get new tech into the hands of on-the-ground operators and allow for vendors to receive feedback.

One of the new parts of the annual exercise was a close partnership with the Army Maneuver Center of Excellence at Fort Benning in Georgia. It’s a partnership that’s expected to continue as the Army tries to ramp up the development of robotic vehicles and operations that will rely on networking units together.

“The exercise really is the first of its kind that we have done,” Hersey said on a call with reporters.

One of the exercises during the event had a platoon of soldiers tasked with defending an airbase in the Indo-Pacific against a simulated attack. The team was able to operate anti-jamming radios and track enemy movements by their electromagnetic signatures.

Troops on the ground used new tools to detect enemies, send data back up the chain of command, have it analyzed and then sent back — something that often takes longer than they can afford. Soldiers were even able to link a small drone to their network to inform movements.

Building anti-jamming radios and other electromagnetic-spectrum manipulation tools is a new tech-focus for the military after two decades of relatively low-tech conflict. The Department of Defense sees these types of tech as critical in thwarting war with China, the U.S.’s No. 1 strategic competitor. U.S. military leaders anticipate China would be very technical in its maneuvering, deploying cyberattacks, satellite jamming and network interference in a battlefield scenario, something American forces have not recently experienced.

The Army also tested the use of an offensive cybersecurity measure of using code that can mask some of the signatures of an American-led cyberattack. The highly secretive tool is one of the ways the U.S. wants to ensure its offensive measures are not traced back to the homeland, Col. John Transue, acting director for Army Cyber-Capability Development Integration Directorate (C-CDID).

The code uses pattern recognition to obfuscate the digital signatures left by cyber warriors. Developed by Accenture, it would not only be used by the Army but across the cyber workforce and be able to be “changing from mission to mission,” Transue said.

The larger tests during Cyber Quest 2021 will play an important role in the Army’s drawn-out acquisition process. 

“The testing that goes on helps inform the requirement documents,” Col. Chris Haffey said on the call with reporters.

The tests are one way to talk directly with industry and have soldier feedback on products within the confines of the traditional acquisition process, moving the military away from arduous and complex requirements-writing.

“This year was about seeing what we could do together,” said Maj. Nelson Reynolds, a United Kingdom exchange officer stationed at Army Futures Command who worked on Cyber Quest.

Government agencies harness RPA ‘bots’ to build capacity, improve services

Federal and state government workers are beginning to benefit from a growing army of digital robots designed to streamline agency workloads and quicken the delivery of public services.

The robots — or more accurately, robotic process automation (RPA) applications — are gaining widening adoption across government agencies, according to a new survey of federal and state government business, program and IT officials.

robotic process automation

Read the full report.

More than 6 in 10 federal respondents — and 4 in 10 state respondents — in the survey said their agency now uses RPA technology to facilitate work. And it appears the momentum for using RPA technology is building quickly in government. Of those at agencies putting RPA to work, two-thirds have begun piloting, or deploying RPA within the last 12 months.

The findings are based on a new survey, completed by 167 prequalified executives at federal and state government agencies, responsible for their agencies’ business, program or enterprise operations, including IT, customer service and acquisition officials. The survey was conducted by FedScoop and StateScoop, with underwriting support from UiPath, a leading provider of RPA software solutions

Among other key findings:

Because RPA requires little or no coding, and can be deployed with minimal training, it is relatively easy for employees to apply it successfully to automate all kinds of business processes and online services, according to James Walker, chief technology officer for public sector at UiPath.

The study suggests that once RPA’s benefits are demonstrated in one area, it opens up consideration for uses elsewhere.

But RPA also provides a way to help budget-constrained agencies boost capacity, observed Walker. “Automation can begin to liberate agency staff from repetitive, lower-valued — but necessary — work and enable them to focus on higher-valued tasks needed to achieve their mission.”

Read the full report, “RPA’s expanding role in government,” for the detailed findings, or contact automation@uipath.com to learn more about automating workflows.

 This article was produced by FedScoop and StateScoop and underwritten by UiPath.

Coast Guard adding Wi-Fi to cutters, tablets to command posts

The U.S Coast Guard, a year into its self-described “tech revolution,” is working to install Wi-Fi on its cutters to increase connectivity and modernizing other legacy systems in command posts.

The “underway Wi-Fi” will be added to two cutters this year in a pilot program, Adm. Karl Schultz, commandant of the Coast Guard, said in his State of the Coast Guard address last week. The pilot program, meant for vessels that are not at anchor, aims to also help guardsmen stay connected to family while deployed, a capability currently limited by the ’90s-era tech Schultz wants to replace.

The guard will also be replacing old desktops in command posts with mobile “two-in-one tablets” that will give leaders the ability to work from anywhere. Approximately 3,000 tablets will also be distributed to training centers across the country.

“At last year’s State of the Coast Guard, I announced a ‘tech revolution,'” Shultz said. “Since then, we’ve leaped-frogged ahead and — with the help of Congress — put the Coast Guard on a much better trajectory with regard to [command, control, communications, computers, combat systems and intelligence].”

The Coast Guard has struggled to modernize its systems, its leaders have said. Many of the systems that directly impact operations like countering drug smugglers or rescuing distressed vessels had to operate with limited connectivity and data. Watchdog agencies also found vessel tracking systems contained duplicate and faulty records due to a lack of automation.

Since his last State of the Coast Guard address, Schultz said the service has made some concrete progress with the launch of new apps and moving to systems that could support teleworking.

“In the past year, we’ve migrated to a cloud-based suite of collaboration tools and have increased the ability to connect our workforce, whether that be improved cutter connectivity both underway and in-port, or greatly enhanced telework capability,” the commandant said.

Much is left to be done, Schultz acknowledged. Work is still underway to modernize financial systems and other administrative tasks still largely done by hand. Schultz committed to using “big data” to further reduce costs.

The Coast Guard continues to rely on outside help for cybersecurity. About 20 cybersecurity auxiliarists — volunteers that work part-time — are now assisting on research and development projects to keep data secure from hackers, Schultz announced.

First TMF award of 2021 comes hours after watershed $1B appropriation

The Department of Labor received $9.6 million from the Technology Modernization Fund to update its enterprise data platform, less than a day after lawmakers put a historic $1 billion into the funding vehicle.

DOL will use its funds to improve the availability and accessibility of data for other agencies, developers and researchers, as well as improve evidence-based decision making across its enforcement, compliance and unemployment insurance missions.

The TMF award is also a win for the three-year-old fund itself, which had only garnered $150 million in total appropriations prior to President Biden signing the American Rescue Plan Act into law Thursday.

“Technology is a key enabler for government in providing better services to the American public,” said David Shive, chief information officer at the General Services Administration and a TMF Board member, in the announcement. “The news of the Technology Modernization Fund getting a $1 billion boost from the American Rescue Plan couldn’t have come at a better time, and the TMF Board looks forward to receiving more project proposals like this one from DOL to consider for investment.”

The TMF serves as a streamlined way for agencies to get the money they need to upgrade aging and obsolete information technology.

DOL received one TMF award previously to make its paper-based work visa application process digital in 2018 for a $2 million annual savings.

The latest award comes on TMF’s third anniversary, having funded 11 modernization projects across government to date.

“With this first project approval of 2021, the TMF Board is reinforcing its commitment to invest in federal technology modernization initiatives that enable agencies to better deliver their services to the American public,” said Maria Roat, deputy federal CIO and TMF Board member, in a statement.

How CDM data can drive federal cyber strategies

When the federal government launched its Continuous Diagnostics and Mitigation program, it was intended to give agencies the tools they needed to know definitively who and what assets were operating on their networks, with the goal of reducing cyber risks.

A growing number of agencies, however, are on the cusp of gaining a far more powerful view of their network operations and overall cybersecurity posture, says Frank Dimina, vice president, America and public sector, at Splunk, in a new report.

Read the full report.

What agencies and program leaders are starting to appreciate now, he says, is how the CDM program is generating a treasure trove of dynamically-integrated IT operating and security data, capable of helping agencies establish a more comprehensive view of their security posture.

“The added integration and analytics capability of CDM, compared to the underlying monitoring systems, is equivalent to going from looking at snapshots from a point in time, to having the fidelity of a live video feed,” says Dimina, in the new report, “Leveraging CDM to federal cyber strategies.”

The report, produced by FedScoop and underwritten by Splunk, features a series of articles and commentary perspectives that highlight how CDM is poised to help agencies improve their IT operations as well as their security.

One of the ongoing challenges agencies face — and where CDM’s automation capabilities are seen as a potent solution — lies in managing the explosion of data flowing into security and network operation centers from a widening array devices, sensors and applications, says Michael Guercio, business development and strategic program manager at Splunk. That leads to a related challenge of how to remediate a growing number of vulnerabilities.

“Remediation is still a manual process that requires IT teams to allocate valuable time and resources,” he says in the report. “That’s where one of CDM’s underappreciated capabilities comes into play. In addition to the ability to stitch together information from multiple sources, CDM’s tools also provide the ability to automate the execution of identification and potential responses, based on agencies’ most critical threats, their risk posture and their risk threshold.”

Guercio points to Splunk’s Phantom platform as example of the kind of tools available through the CDM program that are available to help agencies with those challenges.

Phantom provides an orchestration automation and response technology to help correlate data and create a single picture of the agency’s cybersecurity posture. “It also can automate remediation processes and augment existing NAC technologies across the tool stack,” he says.

“It doesn’t matter if an agency is using ForeScout, or if they’re using Cisco ISE, or even within a more federated agency’s IT organization. Phantom provides the automation of these tools into one service so that agencies have a single, easy-to-interpret view with checks and downstream actions initiated without human intervention.”

The report also highlights how CDM has helped agencies reduce operating costs, by identifying under-utilized assets and software licensing costs.

Read more about how CDM data integration and security analytics are enabling real-time visibility and operational efficiencies at federal agencies. And learn more about Splunk’s “Data-to-Everything Platform” capabilities for the public sector.

This article was produced by FedScoop and sponsored by Splunk.