The votes are in for the 2025 FedScoop.

See the winners!

IT Insights: Interview with AWS financial services expert Olivia Peterson

There are a vast number of federal agencies tasked with regulating and overseeing the nation’s financial markets and institutions to ensure they function effectively and efficiently. Whether it’s to protect consumers, support fair play among businesses or ensure lenders have the credit resources they need — these agencies play a vital role in preserving the health of the U.S. economy.

But as the world becomes more digitally driven, it’s essential for federal agencies to also have the data analytics tools to keep up.

As a former Freddie Mac director and international financial services expert — and now Head of U.S. Federal Financial Services at AWS — Olivia Peterson has a unique perspective on how federal financial agencies and regulators are adapting to this fast-changing environment.

In this exclusive FedScoop interview, Peterson talks about the primary challenges federal financial officials face; and how advances in cloud computing offer more powerful tools to oversee financial markets.

FedScoop: What primary IT challenges have you seen federal financial agencies facing to meet their missions in today’s rapidly evolving digital marketplace?

FedScoop: What key steps have you seen agencies take to modernize their IT?

FedScoop:  What were some of the agency outcomes or advances that have impressed you and your colleagues at AWS? And what key take-aways might be applied at other financial agencies and regulators?

This video interview was produced by FedScoop and underwritten by AWS.

Read more insights from AWS leaders on how agencies are using the power of the cloud to innovate.

Latest ABMS tests break new barriers on AI and edge cloud capabilities

The Air Force‘s latest field test for building an Internet of Things-like system for battle added new artificial intelligence, cloud and other technical capabilities, while also linking in allies for the first time.

The Air Force hosted the on-ramp test in Europe in late February, simulating the use of its Advanced Battle Management System (ABMS) — the tech backbone to the military’s larger sensor-driven network-of-networks concept Joint All Domain Command and Control (JADC2).

The Air Force hosts these tests every few months to integrate and “on-ramp” new tech and capabilities into the complex ABMS environment.

This latest test was the first time AI was included as part of the so-called “kill chain” — the steps that lead up to firing on targets. It also was the first time the Air Force was able to swiftly move data between different platforms through a tactical-edge cloud and common data standardization repository, a critical goal Air Force leaders had previously identified.

“We learned a lot about things we do well and things we don’t do well,” Brig. Gen. Adrian Spain, director of plans, programs and analyses for U.S. Air Forces in Europe and Africa, said on a call with reporters Wednesday.

One of the things the Air Force can now say it does — but perhaps too soon to say it does it well — is use AI to dial in a target to fire upon.

Flying above the Baltic Sea, fighter jets pulled in data from the U.S. Army and Navy and other countries’ military assets to guide their high-powered missiles. For the first time, AI-powered algorithms helped process data to break out of legacy stovepipe-plagued systems, said Preston Dunlap, chief architect of for the Air and Space Forces.

“It is super exciting to be able to see that tech getting into the hands of the warfighter,” Dunlap said.

AI technologies like computer vision scanning through drone footage have been used before in ABMS tests. But this time, algorithms directly aided in zeroing in on a target, a first according to Dunlap.

It’s a major step up from the current “tech” used to fuse data: pen and paper. Officers have described walking between hubs of computer screens to jot down notes on what’s happening in the sky and on land, and then using their own human cognition instead of machine cognition to process it.

With new cloud-at-the-edge capabilities tested during the simulation, Dunlap is confident walking and talking can soon be a replaced by networks facilitating machine-to-machine communication.

“Those are pretty awesome capabilities,” he said.

Cloud at the edge

Technology vendors like Amazon Web Services and Juniper Networks came to the Balkans to help deploy cloud computing systems that aided in using the AI algorithms to fuse the data through a standardization library, Spain said.

The networks themselves also got some new networking tech boosts. Assisting the transmission of data was StarLink, Elon Musk’s satellite company that provides internet access from space, Dunlap told reporters.

Dunlap said the Air Force worked with participating vendors to ensure they followed NSA standards on classified systems, allowing the tests to transmit data over classified and unclassified networks. “This pushes the ball pretty dramatically forward,” he added.

Additionally, the test did not need any security waivers because cyber officials specializing in network authorizations were present to ensure the computing systems all remained secure, Dunlap said. “Success means you get an effective capability that is secure.”

Gen. Spain added there needs to be “deep discussion” on real-world security authorities to ensure enough data can be shared without risking adversary access to a network.

Base defense

The test also took an additional focus on how to protect bases from new threats. A major problem for bases in the age of digital warfare is defending against the small, commercial unmanned aerial systems (UAS).

Dunlap said the Air Force, along with its allies and private sector partners, tested counter-UAS technology. Systems piloted by the Air Force Research Lab were deployed in the field and tested with the new edge-cloud capabilities to detect incoming threats to Ramstein Air Base in Germany.

“Overall, I’m impressed with our warfighters’ ability to command and control a complex targeting process as well as a base air defense scenario,” Gen. Jeff Harrigian, commanding general for U.S. Air Forces in Europe and Africa, said in a release.

Budget cuts trim future tests

Due to cuts in ABMS funding, a test scheduled at the end of 2021 is now off the calendar. This latest test in Europe had to also be scaled back due to funding shortfalls, Dunlap said.

As one of ABMS’s biggest boosters, Dunlap said that new insights would be lost without further on-ramp testing.

“We uncovered things that you wouldn’t uncover in a test range environment,” he said. Further on-ramps will still occur, just fewer of them at a smaller scale. Coronavirus restrictions also forced the Air Force to scale down the number of personnel present for the tests, he said.

HHS gets new acting chief data officer

The Department of Health and Human Services has a new acting chief data officer in Kevin Duvall.

Duvall filled the role in February, according to his LinkedIn, taking over for Perryn Ashmore, CIO of HHS, who had been dual-hatted since September.

Having previously served as deputy CDO of HHS since July, Duvall was instrumental in the release of several key datasets in December showing granular hospital COVID-19 admissions and use, as well as community outcomes.

HHS has gone through its fair share of acting CDOs since the Foundations for Evidence-Based Policymaking Act, which took effect in 2019, began requiring all CFO Act agencies to appoint a nonpolitical CDO.

Mona Siddiqui had been CDO within HHS’s Office of the Chief Technology Officer to that point, when then-CIO José Arrieta claimed the departmentwide role for himself in an acting capacity.

Arrieta held both positions through the start of the pandemic before abruptly resigning in August, shortly after overseeing the launch of the system intended to inform the Trump administration’s COVID-19 response: HHS Protect.

Ashmore took over the acting CDO role on August 28 to ensure a seamless transition. His successor, Duvall, has been with HHS since April 2018.

Lack of talent — not organization — plagues CISA, says Jeh Johnson

Recruiting and retaining talent — not organization — is the Cybersecurity and Infrastructure Security Agency’s biggest challenge currently, Jeh Johnson, former Department of Homeland Security secretary, said Wednesday.

Altering CISA‘s structure after it successfully secured the 2020 election would be a mistake. But the agency needs to do a better job convincing potential hires to serve their country rather than making a buck at companies like Goldman Sachs and Citigroup or the defense industry, Johnson said.

Johnson’s comments came during a hearing of the House Appropriations Homeland Security Subcommittee, in response to Rep. Dutch Ruppersberger‘s, D-Md., musing that perhaps CISA should be spun off from the Department of Homeland Security — much like Space Force was from the Air Force — in light of recent cyberthreats. The SolarWinds hack discovered in December compromised at least nine federal agencies and was perhaps “the most devastating cyberattack” in U.S. history. But CISA is “going in the right direction” and should focus on its workforce, Johnson said.

“Some of our best cybersecurity people were stolen away by the financial services sector, who could pay them two or three times what the government pays them,” he said.

Former Homeland Security Secretary Mike Chertoff echoed Johnson that turnover, particularly at the leadership level, has been a destabilizing force across DHS of late.

The Trump administration’s focus on border security was “treated in many ways as the only issue,” to the detriment of DHS’s other missions responding to newer threats, Chertoff said.

“As demonstrated by SolarWinds and other attacks — including an attack on a water system in Florida — cyberattacks are becoming more dangerous and more frequent,” he said. “Adequately funding and giving more authorities to CISA, working with the Secret Service to respond to those attacks, is probably the No. 1 hazard that requires urgent action.”

Chertoff said it would be a “serious mistake” to remove either agency from DHS, given that physical security is often compromised ahead of cyberattacks.

For now, CISA’s place inside DHS seems assured, with Congress recently appropriating an extra $650 million in the American Rescue Plan Act for the agency.

Ruppersberger also expressed concern about CISA’s delay in submitting a quadrennial Homeland Security review (QHSR) to Congress for resource planning purposes.

“Regrettably the executive branch often does not take congressional deadlines seriously,” Johnson said. “The last QHSR — it was supposed to be every five years — was the one that I helped write in 2014.”

Northern Command undertakes new JADC2 tests to transition tech

Military commands charged with defending the U.S. and North America from attacks will conduct tests starting Thursday to implement new artificial intelligence technology into their decision-making processes.

The test events are a critical part of rolling out the military’s AI developments, the commanding general of U.S. Northern Command and North American Aerospace Defense Command (NORAD) said during congressional testimony this week. They will focus on fusing data from across sensor networks and improving decision making with data, a critical part of detecting incoming missiles and other threats in line with the military’s move to Joint All Domain Command and Control (JADC2).

NORTHCOM will host nine other combatant commands to integrate systems across different parts of the military over the five-day test event.

“We are conducting these experiments to bring everyone together,” Gen. Glen VanHerck told the Senate Armed Services Committee during the hearing. Building joint operations — where multiple services and parts of the military work in unison — is a top priority of the command.

Three “decision aid” technologies will be tested during what the command is calling Global Information Dominance Exercise (GIDE) events. VanHerck told senators that information overmatch is critical to the work of NORAD and NORTHCOM to detect and deter threats to the continent — capabilities that AI and machine learning projects could further boost.

“We must go down that path,” he said of implementing AI into decision making and data fusing, VanHerck said.

The threat detection mission has made fertile proving ground for JADC2, the new way the military wants to operate with Internet of Thing-like capabilities.

This is the second GIDE test event. The command will focus on transitioning tested technologies to users who will be able to use it in the long run. The command has already integrated some JADC2-related capabilities, like tools that give broader communications abilities to troops in the field and can monitor their positions. The new tech has also been used in Northern Command’s response to the coronavirus pandemic.

DOD names Metz permanent deputy CIO for information enterprise

Danielle Metz will lead the Department of Defense‘s enterprise information systems and IT  modernization push now as its permanent deputy CIO for information enterprise, the DOD announced Wednesday.

Metz brings years of experience to the job. She currently holds the deputy CIO job in an acting capacity, and before that served in the White House as a policy adviser to the Office of Science and Technology Policy. She has also served as the deputy director for DOD information network modernization within the DOD.

Her new role is another step up in the senior ranks of federal IT management as a critical deputy to the DOD CIO. Prior to taking it on, Peter Ranks held the position before returning to the CIA last December.

In a tweet, the CIO’s office congratulated Metz and described her as one of DOD’s “rising leaders.”

Meanwhile, the top DOD CIO role is still unfilled in an official capacity. Principle Deputy CIO John Sherman took over as acting CIO when Dana Deasy’s tenure ended at the conclusion of the Trump administration. The Biden administration has yet to nominate a CIO.

Where DOD’s telework goes from here

The Department of Defense took all of a handful of weeks to get millions of workers on a virtual environment that allowed them to take the meetings and PowerPoint presentations typically hosted in conference rooms and conduct them in their homes. Called Commercial Virtual Remote, it was one of the largest technology lifts the massive enterprise had ever undertaken — and it was just the start.

The DOD is in the closing months of an even bigger lift, what it calls its “enduring” telework solution. But even calling it just a “telework” solution is underselling its scale. It’s a whole suite of systems, from Microsoft’s OneDrive to Excel, that the DOD says once fully rolled out will allow those working from the Pentagon and at home to access a full desktop of services.

It’s the type of work-from-anywhere solution long wanted in the government but that has been difficult to achieve due to security concerns.

“This is darn impressive when you look at where we started,” John Sherman, acting chief information officer of the DOD, told FedScoop in an interview.

Where DOD started was, in the words of one former high-ranking official, “disconcertingly retrograde.” Work collaboration tools that could be accessed outside of the Pentagon and physically off of its internal internet, the NIPERnet, were hard to come by.

The new “enduring” solution, coming mid-June, has been dubbed “DOD365.” Users can expect all the collaboration tools CVR provided, and then some, with added security layers the Pentagon is implementing on the systems.

“Our enduring capability is going to be with us for a long time,” Sherman said.

While DOD is billing its new solution as an expansion away from CVR, some functionality for users will be lost. Currently, CVR allows for any devices — be they personal laptops, cellphones or tablets — to log into the network and access low-security collaboration tools. Come summer non-government-provided cell phones and tablets will not be granted access, and personal computers will need a Common Access Card reader to add another layer of security.

“DOD 365 is not a replacement for CVR,” Sherman said. Instead, it has been a “parallel” effort that targets similar problems with more robust solutions.

Another difference is the backend configuration for the cloud systems that will support the suite of applications. Whereas the CVR was stood up so fast that DOD’s cloud management office had to work literally around the clock to support the launch, DOD 365 is being supported by a multi-tenant cloud system.

The first steps were taken with the 2019 award of the $10 billion Defense Enterprise Office Solutions contract, the DOD’s back-office IT award, not to be confused with the department’s other $10 billion contract for a tactical “war cloud” called the Joint Enterprise Defense Infrastructure (JEDI).

The “federated” approach in allowing agencies and services to stand up their own cloud tenants should ensure that members of the Cloud Computing Program Office don’t need to stop showering and sleeping to ensure the DOD can keep working, as they did during the CVR rollout.

“They are the heroes of the CVR,” Sherman said of the cloud office. “CVR was very centrally managed in [the office of the] CIO.”

Many tenants, but one focus on cybersecurity

Behind the scenes, IT and cybersecurity professionals are working across the department to implement the multi-tenant cloud architecture with advanced security measures approved by the Office of the CIO and Gen. Paul Nakasone, head of the National Security Agency and U.S. Cyber Command. The list of agencies working on the system is almost as long as those who will eventually use it, with a series of working groups and task forces assigned different aspects of the rollout.

There are “a lot of moving parts to this,” Sherman said.

Each of the services will have their own tenancy and the Defense Information Systems Agency (DISA) will support one for the Fourth Estate, the constellation of support agencies.

“This really is a super team sport,” Sherman said.

Not all of those moving parts will be in place by mid-June, but the majority of users are expected to be migrated over by then. And if vaccine distribution continues at pace, the Pentagon is expecting the demand on CVR to go down as more people can safely return to work.

As the program continues development, Sherman said his office’s most critical focus is ensuring the security of the system and its data. With so much of DOD’s work soon to be done on the system, it will be a ripe target for adversaries. Sherman is working to thwart ongoing threats with the added security layers beyond the usual systems.

“By goodness do we need to do this safely,” he said, in his Texas twang.

Part of that safety will come down to users and communicating effectively on what can and can’t be done on the system. It’s a tall order to convey to a force deployed around the world, but one Sherman said his office will be focused on for the next several months.

“This is one of the biggest lifts I have ever done,” he said.

This story is part of a FedScoop special report on the Future of Telework. Read the rest of the report.

Remote work doesn’t mean the end of discovery sprints

Remote work makes it harder for agencies to run discovery sprints to understand problems with their information technology systems, but not impossible, according to U.S. Digital Service technologists.

The federal government’s fix-it team often runs two-to-four-week discovery sprints with new agency partners to better understand their organization, systems and services. And the global pandemic has undoubtedly made the face-to-face interviews such sprints generally require less practical.

That’s one of the reasons why USDS released a Discovery Sprint Guide as an open-source reference for agencies doing similar work updating technology.

“I saw a lot of the same types of questions and challenges come up repeatedly across different types of sprint efforts,” Kat Jurick, who co-authored the guide with Jenn Noinaj, said in an interview. “We had been kicking around the idea of updating our internal sprint documentation for a while, and it just became clear that we needed to write this guide.”

Discovery sprints require interviews with tech owners and users, observation of processes, data analysis, and code reviews — all to ensure any updates accomplish the agency’s mission, Noinaj said.

None of that is as easy when agency employees are working remotely and travel raises health concerns during a pandemic.

Rather than expecting the usual results of a normal discovery sprint, technologists must find creative ways to connect with partners outside of established meetings as quickly as possible, according to the guide. Preplanning the sprint schedule is also crucial.

Knowing what meeting and collaboration tools most people participating in the sprint use will help prevent interviews from developing into tech support calls, according to the guide. Most agencies already use enterprise-wide tools like Webex, Zoom, Google Meet, Microsoft Teams, Skype, Slack, Mural, and Miro that interviewees won’t need to download, but practice sessions can help ensure things run smoothly.

Agencies should plan where interview recordings, ideally made using remote meeting tools, will go and who can access them ahead of time, according to the guide. Secure access prevents sensitive information revealed during screen sharing from becoming public. And test accounts, redacted screenshots, collaborative diagramming and other research artifacts can all be agreed on in advance.

Interviewers should avoid the temptation to open remote meetings to observers, thereby tainting the interview.

“If you are using software that allows the interviewer to control the environment, it may still be fine, but one random observer who doesn’t mute their microphone can quickly tank any trust you have built up during a session,” reads the guide.

Remote team check-ins are needed for regularly touching base when writing the sprint report, and report delivery may be the one time when an in-person meeting is warranted — that or a more polished presentation, according to the guide.

Discovery sprints fail when the team lacks access to buildings, assets and people — the biggest challenge during a pandemic. That said, many agencies have successfully shifted to 100% telework one year into the crisis.

For instance, the Department of Homeland Security chief information officers made sure every agency had teleconferencing and file sharing and access capabilities. And productivity rates improved as much as 25% as a result, said Kenneth Clark, chief data officer at Immigration and Customs Enforcement, during a recent ATARC event.

ICE was already embracing more mobile, agile operations when the pandemic hit. Now the agency is considering where it can save on real estate and IT infrastructure costs by having employees continue to telework or rotate into the office occasionally.

“I think COVID forced us into having that model of remote access and teleworking,” Clark said. “But we already had been looking at how we’re going to be able to move in the new era of trying to increase efficiencies.”

This story is part of a FedScoop special report on the Future of Telework. Read the rest of the report.

5 priorities for the federal RPA Community of Practice in 2021

Agencies plan to generate demand and optimize processes for automation in 2021, among three other priorities announced by the federal Robotic Process Automation Community of Practice’s executive sponsor on Tuesday.

The RPA CoP consists of more than 1,000 employees from 65 agencies planning to encourage their components to invest resources in targeted automations after standardizing business processes, said Gerard Badorrek, who’s also the chief financial officer at the General Services Administration.

GSA has an “Eliminate, Optimize and Automate” program Badorrek wants the RPA CoP to expand governmentwide.

“One of the first pilots we looked at doing, we realized we could simply eliminate the process,” Badorrek said Tuesday during ACT-IAC‘s Digital Transformation Summit.

The RPA CoP has already released a Federal RPA Program Playbook and State of Federal RPA Report and is planning to issue an Eliminate, Optimize, Automate Handbook on process optimization later this year.

Other practice areas the RPA CoP is focusing on are:

The RPA CoP is also placing an emphasis on peer-to-peer engagement this year.

“We want to set up some mentoring between agencies that have solved problems and that are more advanced with agencies that are starting the process,” Badorrek said. “I think that’s going to be a tremendous opportunity for us.”

The RPA CoP already created a use case inventory categorizing RPA instances by functional areas like finance, procurement and human resources. Next, it will update that inventory with common agency RPA applications.

At the same time, the RPA CoP is discussing the possibility of the first governmentwide automation and what that might look like, Badorrek said.

Government made “good progress” on RPA from 2019 to 2020 with 23 agencies responsible for more than doubling the total number of automations from 219 to 460 projects, according to the State of Federal RPA Report.

Agencies saw a 70% increase in average RPA program maturity with eight programs advancing from Level 1 maturity and five reaching Level 4 for the first time as government takes on more complex business processes.

The RPA CoP gauges maturity based on four factors:

Badorrek wants to see even more aggressive implementation of RPA projects in 2021 with more mature agencies taking the lead on collaborations.

“First we need to take an approach that large-scale, governmentwide implementation of emerging technologies is much more effective working as a team,” Badorrek said. “Rather than as individual agencies running their own races.”

CMMC Accreditation Body sees more board members depart

The third-party accreditation body working to implement the Department of Defense‘s new contractor cybersecurity standards announced the forthcoming loss of two key board members recently, the organization announced Tuesday.

The departures of Ben Tchoubineh and Nicole Dean came as a normal part of the Cybersecurity Maturity Model Certification Accreditation Body’s development, leaders of the board said. Both were founding board members, volunteering since the CMMC-AB was incorporated in January 2020 to oversee the accreditation, education and certification process for assessors enforcing DOD’s new CMMC standards.

No new members have been announced to replace the departing members, but both will remain on board to train their replacements.

“Their efforts leave us well-positioned to move forward with a world-class training program,”  Karlton Johnson, CMMC-AB board chair, said in a statement about the two departures.

Tchoubineh, the president of several cyber-training companies, led efforts to stand up training oversight for the Accreditation Body. His departure comes as those training policies are being revamped after an initial round of feedback from industry, including making training compliant with the Americans with Disabilities Act.

“I’m exceedingly proud of the work that the CMMC-AB Board has accomplished to stand up a world-class Accreditation and Certification body in just 15 months and with few resources,” Tchoubineh said in a statement. “I’m humbled and grateful to have worked with so many incredibly selfless and accomplished patriotic volunteers who stepped up to do what’s needed to secure our nation.”

Tchoubineh’s companies could become eligible for contracts and partnerships with the AB to deliver training services once he fully transitions off the AB. While a board member, he has been forbidden by the AB’s code of ethics from any self-dealing. But once gone, those restrictions are lifted on his businesses pursuing work in the CMMC ecosystem.

“As Board members transition, they will be expected to adhere to the Conflict of Interest documents they signed and conduct themselves accordingly. The board remains diligent towards employing strong ethics in all of the organization’s actions and activities,” the AB said in a statement to FedScoop regarding conflicts of interest.

Dean, who is chief information security officer of Accenture Federal Services, has been one of the few women to serve on the AB. In the first months of the AB’s development in 2020, she often led webinars and public communications about the AB’s progress.

“During my time on the CMMC-AB Board, we’ve accomplished many things, and I look forward to building on our successes as a member of the CMMC-AB’s Industry Advisory Council,” Dean said in a statement. “The relationships we’ve forged with the DoD over the last year will ensure the CMMC-AB is able to deliver critical cybersecurity standards for the defense industrial base.”

The board is in the process of trying to recruit full-time professional staff to transition from its current focus on minute details to becoming more of a strategic adviser, a goal it has been trying to achieve for months.