VA CIO Rob Thomas retiring from government

The Department of Veterans Affairs’ acting CIO, Rob Thomas, will retire from government service in October.

Thomas took over as CIO and assistant secretary for information and technology in an acting capacity after LaVerne Council stepped down from the position in January at the change in administrations. Before that, Thomas served as deputy CIO at VA.

Scott Blackburn will take over as acting CIO effective this week, Thomas said in an email to VA staff announcing his departure. Secretary David Shulkin appointed Blackburn acting deputy secretary of the VA in February.

“We have made significant progress, and we are continuing to move in the right direction with our ongoing transformation and modernization efforts and by the steadfast leadership of Secretary Shulkin on behalf of our Nation’s 23 million Veterans,” Thomas wrote. “With this in mind, I am proud of what we have accomplished, and continue to accomplish together, and I hope you are as well. From modernizing both our electronic health record and benefits delivery network to our continuing effort to improve enterprise cybersecurity, VA’s scheduling systems and consolidating the financial management system, OI&T is committed to the Secretary’s initiatives to deliver better service to our Veterans.”

Thomas also spent time as deputy CIO and acting CIO at the Federal Emergency Management Agency, and as a member of the Air Force. He is retiring with 35 years of federal service.

“Please know that it has been an honor, privilege, and pleasure to serve with you at OI&T,” he said. “This has been an enriching experience; serving our Nation’s Veterans, and equally important, having the opportunity to work side-by-side with outstanding public servants.”

Federal News Radio first reported Thomas’ departure.

CFTC chairman: Government must ditch ‘analog regulation,’ embrace blockchain

J. Christopher Giancarlo sees a digital revolution coming for financial regulators, and he says blockchain technology is the key to protecting the government’s oversight of markets.

The chairman of the Commodity Futures Trading Commission says that growing technological advancement requires agencies to be more inventive with how they monitor financial transactions.

“Finance and markets have been digitized, everything has been digitized. Everything you do, the way you hail a cab has been digitized. The one thing that hasn’t been digitized is regulation,” he said Wednesday at the American Council for Technology and Industry Advisory Council’s Blockchain Forum. “We are still very much an analog regulator of digital markets.”

The crown jewel for developing regulators’ digital capabilities, he said, is blockchain technology. The decentralized and distributed digital ledger systems originated with cryptocurrencies like bitcoin, but they now provide the private and public sectors with new avenues to securely share information. Transactions are inherently transparent, and because the resulting records are decentralized and distributed, the system is robust.

To get a jump on the rapid development of blockchain and other technology capabilities, the CFTC launched its own innovation incubator in May, dubbed LabCFTC. Comprised of three components to explore financial and regulation technology innovation, LabCFTC aims to collaborate with innovators, adopt new technology and develop digital age regulation.

“LabCFTC is designed to make us more accessible to fintech innovators,” Giancarlo said. “It serves as a platform to inform our understanding of emerging technologies and how they square with the existing [world].”

Giancarlo added that the project would generate a “dynamic tension” between innovators and regulators, allowing the agency to identify arcane rules and the new solutions to replace them.

One example of how blockchain improves that process is with transparency. Citing the 2008 financial crisis, Giancarlo said the opacity of credit default swap exposures amplified the panic among the world’s financial institutions.

“Because there was not a clear record of those exposures, there was a fear of failing that drove the crisis,” he said.

The Dodd-Frank Act requires that those swaps be reported to a central repository, but because of the variety of data formats and the time it takes to standardize them, those repositories have not developed the visibility that Congress envisioned.

Blockchain solves that problem, Giancarlo said, because it develops a shared ledger with data agreed upon by the parties that share it.

“The banks are going to real-time trade capture. And with a blockchain, they will record that on their mode and other banks will record it,” he said. “And if we were there, we would be able to see all of the financial institutions’ positions in real time as they do the trade, which is what Dodd-Frank aimed to get at.”

The chairman added that the CFTC is still working on obtaining the funding to participate in blockchain experiments, but said they could be transformative in both maintaining the agency’s statutory requirements and avoiding regulation that would inhibit that innovation.

John Owens’ advice to other agency CIOs: learn to live within government constraints and embrace failure

“My wife thinks I’m crazy,” John Owens, CIO of the U.S. Patent and Trademark Office, says. “But you know, some of us really enjoy this stuff.”

By “this stuff” he means the slow and sometimes tedious work that is modernizing legacy IT systems, a job Owens has been plugging away at since his appointment in December 2008. When Owens arrived at USPTO, straight from years of work at AOL, systems weren’t in good shape.

“I don’t know if I can do this job,” Owens remembers thinking. But he was driven by that (apparently) all-powerful force in federal service: mission. While at AOL, Owens applied for some patents, so he understood USPTO from a user-centered perspective. He understood both its value — he believes intellectual property protection is the driver of American economic power — and the places where it fell short.

But surveying the state of IT from the inside, Owens knew he couldn’t content himself with small fixes. He needed a big plan. He needed to modernize processes, replace old desktops, train employees who hadn’t been trained in many years, fix the network — the list went on.

Now, as Owens’ ninth year as CIO nears its close, he’s eager to look back and share some lessons he’s learned on the job, which includes management of the technology that is crucial to the experts who assess patent and trademark applications. He’s also aiming to be more open about what’s ahead as the agency looks to shut off legacy patent systems by 2020.

The mandate is no longer “just keep it alive,” like it was when he arrived. Now, on the best days, the CIO’s team can be proactive rather than reactive, he says. He talks about how he introduced agile development and DevOps methodologies, focused on user-centered design. He also encouraged the release of open data and debuted some new back-office tools, like a new office correspondence system rolling out now.

The goal he’s always chasing? “Industry standard.”

One element of that culture, he said, is the familiar idea of embracing failure. Despite all the wins he’s excited to talk about, “we do [have failures],” Owens said. “But we learn from them.” An example of where things didn’t go exactly as hoped might include this Department of Commerce Inspector General report on USPTO’s “inadequate security practices.”

“Any CIO who tells you that they don’t have a failed project is probably not challenging themselves,” Owens said.

Asked what advice he has for people in similar roles elsewhere in government, he launches into a discussion of how CIOs need to learn to live within bureaucratic government constraints.

“Stop trying to change procurement. You’re never going to get it done,” he said. “Stop trying to change human resources stuff, it’s never going to change. Trust me I tried.” Instead — “quit bucking the process. Live within the constraints that the government has set up … and concentrate on the people. That, and follow industry best practices.”

Is all this reflection on his work a subtle valediction? Is Owens planning to leave USPTO? “I’m not going to say,” he said. He loves new challenges, but still feels excited by USPTO’s mission. “We’ll see,” he said.

Air Force awards $1B CHES cloud contract

The Air Force awarded a $1 billion contract to Dell EMC, General Dynamics and Microsoft to continue its massive migration to the cloud.

Through the five-year contract, the trio of contractors will implement the Air Force’s Cloud Hosted Enterprise Services program — a continuation of the Collaboration Pathfinder initiative to deploy Microsoft Office 365 with email, productivity and communications tools. Dell, Microsoft and General Dynamics Information Technology held that 2015 contract.

The new CHES contract, though, is much wider in scope, and according to Dell EMC, it’s the largest federal cloud-based unified communications and collaboration contract. It will leverage enterprise-as-a-service cloud to deliver information, communications, email, collaboration services, office productivity and records management capabilities to 776,000 users across the Air Force, as well as the Defense Logistics Agency and the U.S. Army Corps of Engineers.

As of late August, about 100,000 airmen had such capabilities in the cloud, Air Force Space Commander Gen. John Raymond said then at an event. This new contract will make it so “nobody gets the ‘your mailbox is too full’ anymore,” he said. By outsourcing IT, it lets airmen focus on their primary duties, Raymond said.

The contractors have ambitious goals, hoping to roll out the entire program in the first year — “a schedule that will allow the services to focus on their core mission and reduce costs as data centers are consolidated under this effort,” according to a release from Dell EMC.

Derived credentials explained, the balance of security and user experience on mobile devices

Two-thirds of government IT users and half of IT managers in a recent FedScoop study ranked single sign-on to all applications on their devices among the top three things that would make their digital experience more productive at work.

So why is the government struggling to adopt derived credentials — a user-friendly, secure method for adding strong authentication to mobile devices — at a time when agencies and users are also looking for ways to improve productivity and reduce IT friction?

According to Eugene Liderman, director of product management at VMware, who focuses on security and privacy, derived credentials offer government agencies a reliable, user-friendly and compliant method for adding strong authentication to mobile devices. This approach also gives agency CIOs a proven alternative to costly and cumbersome physical personal identity verification (PIV) card readers often required to access government information systems. With government users looking for a faster, easier and less frustrating mobile experience, derived credentials can provide multi-factor authentication with a fast and seamless user experience.

A new FedScoop report, “Understanding derived credentials for the federal government,” addresses common misconceptions about derived credentials, explains how they work and outlines recommendations for CIOs considering implementing derived credentials in their organizations.

Overcoming misconceptions about derived credentials

Liderman says the federal government faces two main challenges to the adoption of derived credentials: misconceptions around complexity and misunderstanding regarding use and cost.

“A lot of people think of derived credentials as a silver bullet that’s a technological breakthrough that is super complicated,” says Liderman. “In fact, it’s not a new product or a new technology; it’s more of a framework, a procedure, a flow of how you enroll and get a derived credential onto your device and use it. It’s not so different from what we do today, and there is not as much friction to get going with it.”

The National Institute of Standards and Technology (NIST) defines a derived credential as an alternative token to create multi-factor authentication with a mobile device, such as a smartphone or tablet.

Liderman says agencies can leverage this alternative method to provide multi-factor security for mobile devices without smart cards and readers, which are clunky and impractical for mobile devices.

In an attempt to mitigate the need to use smart cards with mobile devices in the government, many agencies simply are not enforcing the use of two-factor authentication on smartphones or mobile devices like tablets, which goes against federal security guidelines. NIST Special Publication 800-157 presents derived credentials as a viable alternative.

In addition to enabling secure mobility for federal defense and civilian organizations, derived credentials also empower managers with control over applications and data, even when they do not own or have control of the devices. Plus, users have the flexibility to access apps and data they need for work, anytime, anyplace, from any devices.

Download the special report for more on understanding and implementing derived credentials in federal defense and civilian agencies. 

For more on improving government workforce productivity and security, go to FedScoop’s Public Sector Innovation Priorities series.

This article was produced by FedScoop for, and sponsored by, VMware. 

A deeper dive into DHS’s Kaspersky ban

We now have a greater understanding of exactly what the Department of Homeland Security’s ban against Kaspersky Labs products means after the department published its directive in the Federal Register on Tuesday.

Last week, DHS ordered the removal of Kaspersky products from federal networks within the next 90 days. The ban, however, leaves a big hole for the Department of Defense and the U.S. intelligence community, which are unaffected by the directive.

The binding operational directive, obtained by CyberScoop on Monday, lays out exactly which products are banned and which are exempt, but it “does not address Kaspersky code embedded in the products of other companies,” CyberScoop’s Patrick Howell O’Neill reports. 

That could potentially refer to Kaspersky products being used in other companies’ products, which are used widely across Pentagon and civilian agencies. Kaspersky is a multi-national company with a wide array of products, with many agencies harnessing tech that uses Kaspersky Cloud Security for enterprise.

It’s not yet clear how many machines the directive will impact, but DHS should know within the next 30 days when agencies are required to submit a report outlining the full list of Kaspersky-branded products found on agency information systems, how many endpoints are impacted and the methodologies used to find the products.

The full list of Kaspersky products banned by the DHS directive are:

You can read the full directive on CyberScoop.

Library of Congress doubles down on digital with the launch of ‘labs’ site

The Library of Congress is experimenting with information crowdsourcing through a new project from the just-launched labs.loc.gov, the library’s new home for digital experiments.

The site debuted on Tuesday as “a new online space that will host a changing selection of experiments,” including projects by library challenge winners and “innovators-in-residence.”

“We already know the Library of Congress is the ultimate treasure chest, but with labs.loc.gov we are inviting explorers to help crack open digital discoveries and share the collections in new and innovative ways,” Librarian of Congress Carla Hayden said in a statement.

An early featured project is called “Beyond Words,” which asks the public to find cartoons and illustrations from the library’s collection of old American newspapers and digitally add a “caption” that will allow the images to become searchable.

“What I like about crowdsourcing is it gives people a chance to discover hidden gems in the collection,” Tong Wang, the IT specialist who created Beyond Words during a three-month pilot innovator-in-residence program, said in a statement. “You never know what you’ll find poking through old newspapers.”

In order to support future projects like this, the library has also released application programming interfaces (APIs) for a selection of its digital collections. “These windows to the Library will make the collections and data more accessible to automated access, via scripting and software, and will empower developers to explore new ways to use the Library’s collections,” a press release states. “The Library is releasing the API [for loc.gov] as a minimum viable product so that feedback from early adopters can help drive design and development for further enhancements.”

Labs is managed by the Library of Congress’ National Digital Initiatives office, which was created in 2015 to encourage and promote use of the library’s digital assets.

“Every day, students, researchers, journalists and artists are using code and computation to derive new knowledge from library collections,” National Digital Initiatives chief Kate Zwaard said in a statement. “With labs, we hope to create a community dedicated to using technology to expand what’s possible with the world’s creative and intellectual treasures.”

MGT Act passes Senate as amendment to NDAA

The Modernizing Government Technology Act passed the Senate on Monday as an amendment to the fiscal 2018 National Defense Authorization Act.

The Senate’s version of the tech legislation, sponsored by Jerry Moran, R-Kansas, and Tom Udall, D-N.M., also passed the House in May as a stand-alone companion bill authored by Rep. Will Hurd, R-Texas.

The bill proposes to allow agencies to put money saved through IT efficiencies into working capital funds, which can be accessed for up to three years, to fund efforts to modernize their technology. It also would create a centralized fund agencies can tap into for modernization.

“By incentivizing the transition to modern technology, we will allow the government to harness cutting-edge technologies, use each dollar more efficiently, strengthen our digital infrastructure and improve government services for everyone,” Hurd said in a statement. “I thank my colleagues in both the House and Senate for working together to get the MGT Act one step closer to the finish line.”

Many of Hurd’s colleagues on both sides of the aisle and in both chambers were pleased to see the bill another step closer to law. At this point it’s expected to be enacted as part of the defense legislation, which is headed for a House-Senate conference committee later this fall.

“In light of the numerous data security issues that continue to threaten our federal government and American businesses, I’m pleased the Senate acted to prioritize the modernization of our alarmingly outdated federal IT systems,” Moran said. “The MGT Act is a critical step toward bringing our federal IT systems into the 21st century. The improved efficiencies included in the legislation will strengthen our cybersecurity capabilities and reduce long-term wasteful spending.”

House Majority Leader Kevin McCarthy, R-Calif., called the Senate passage “a major step forward in our goal of creating a more cost-efficient and digitally secure federal government.

“By leveraging new technologies, we will save taxpayers money and deliver a well-overdue update to our nation’s IT systems,” he said.

Rep. Robin Kelly, D-Ill., said the bill “is long overdue.”

“It’s 2017, it’s time to bring the next generation of technology and innovation to government IT to save costs, protect our citizens’ personal information and enhance our security,” she said.

Attaching major tech legislation to the NDAA has become a common route to passage in recent years. It’s the same way the Federal IT Acquisition Reform Act reached the president’s desk in 2014.

The bill’s passage also received praise from industry representatives, just days after several groups urged the Senate to move the bill as an NDAA amendment.

Professional Services Council President David Berteau said “the Senate’s actions take us closer to enactment, which will provide a dedicated funding stream for federal agencies to harness new technologies, reduce government costs and vulnerabilities, and improve efficiency and performance.”

“As the world continues to change at an unprecedented pace, the federal government must have modern IT systems that can adapt to better serve their constituents,” said Steve Harris, senior vice president of Dell EMC. “We appreciate the Senate’s recognition of this need by including the MGT Act in the 2018 NDAA.”

Mary Davie officially named deputy commissioner of FAS

Mary Davie has been officially named the deputy commissioner of the General Services Administration’s Federal Acquisition Service.

FAS Commissioner Alan Thomas announced the move Monday in an email to GSA staff. Davie had been serving as the deputy commissioner in an acting capacity since June, when top FAS leadership resigned after the announcement of a reorganization in the service. Thomas was named commissioner amid that reorganization, which also places GSA’s Technology Transformation Service within the agency’s acquisition arm.

“Mary’s depth of experience working with stakeholders across government, industry and FAS’s customers is second to none. It’s provided her with an excellent perspective from which to guide the organization as it moves forward,” Thomas said in a statement. “Mary is well poised to support our FAS leadership team as we continue to build on recent successes, including improved employee, customer and supplier satisfaction and driving additional savings and efficiencies into the federal procurement landscape.”

Kay Ely, who replaced Davie as acting assistant commissioner for the FAS Office of Information Technology Category, was also officially named to her role.

“Mary and Kay are no strangers to high-impact leadership roles and they bring impressive experience to their new positions,” Thomas said in his email to staff.

GSA last week announced Bill Zielinski as governmentwide IT category manager, another role Davie formerly held.

Thomas took the opportunity Monday to make several leadership moves at once, moving Dave Zvenyach, the acting executive director of 18F, to serve as the acting assistant commissioner for the Office of Systems Management, which supports GSA’s Acquisition Gateway and Integrated Award Environment. Rebecca Piazza will take over his acting director role within 18F.

“Dave is a respected technology & acquisition leader and this move is a great example of how we are using the best talent in our organization to benefit our customers and industry partners by joining forces to modernize our systems,” Thomas’ email says.

Davie’s and Ely’s official roles are effective Sept. 25, while Zvenyach’s will start Oct. 1.

Watchdog issues glowing assessment of NASA’s drone-related research

As part of the Federal Aviation Administration’s interest in integrating unmanned aircraft systems into the airspace, NASA has been conducting research on how to safely fly drones around an increasingly crowded sky. And according to a new report by the agency’s inspector general, NASA is doing a great job.

The audit, released Monday, makes NASA out to be a wonderful research partner — delivering valuable insights on time and within budget.

“NASA has performed research related to data exchange and information architecture, sense and avoidance of manned and unmanned vehicles, and communication and navigation,” the NASA IG report states. “These research efforts have been managed in compliance with NASA research and technology development policy and have achieved all planned schedule and technical milestones within allocated time and budgets.”

The audit focuses on two main ongoing research projects — the UAS in the National Airspace System Project, which is aimed at developing “operational performance standards” for drones, and the UAS Traffic Management Project “developing a traffic management system for aerial drones operating in the Nation’s airspace.”

The agency plans to work on additional research projects with FAA going forward, the audit states. By way of example, the report mentions future research on the effects of drone noise — a topic NASA released an early study on this summer.

All in all, the audit concludes, “NASA’s research efforts should have an overall positive effect on the FAA’s efforts to meet its congressional mandates and to implement an operationalized UAS system.”

It isn’t all so rosy, though. Where NASA does worse is in the management of its own drones.

The agency owns a “wide variety” of drones, the audit found, but the way in which they are acquired and tracked can be a little ad hoc.

For example, the report found that “231 of the 410 (56 percent) UAS acquired since 2009 were obtained without the required prior approvals.” The fact that drone users in the agency are unaware of and thus not following proper acquisition protocol “increases the Agency’s risk and at times has resulted in unnecessary expenditure of funds,” the audit states.

The IG recommended “policy and procedural improvements” to alleviate this shortcoming — NASA management concurred or partially concurred with all the recommendations.