Page 861 | FedScoop

Vote today for the 2025 FedScoop 50 awards.

An 18F for cyber? Co-founder Greg Godbout says it’s on the horizon

The first executive director of 18F, the Obama administration’s IT tiger team, envisions a new federal cybersecurity fix-it organization that could parachute into agencies to help boost their digital defenses.

Reflecting on his vision for the future of digital citizen services, and on his time with the federal government, Greg Godbout said there’s a need for a U.S. “cybersecurity service” as an adjunct to the administration’s U.S. Digital Service.

And he noted the feds could look to Britain’s Communications Electronics Security Group as a possible model.

The CESG — which provides technical advice and expertise on cyber and information security to British government agencies and their vendors — is part of Britain’s GCHQ, London’s electronic spy agency and their equivalent to the NSA.

“It would be really great to have a consultant service in government similar to an 18F or USDS model … that’s built around cybersecurity,” Godbout told FedScoop about a month after he left his last post as Environmental Protection Agency’s chief technology officer for the private sector.

He added, “In some ways it’s inevitable, but [I say] let’s do it now.”

Godbout was short on details about what such a “cybersecurity service” might look like. He said it could be set up by some combination of the U.S. CIO’s office, the Department of Homeland Security and the General Services Administration — but “it doesn’t have to be those three.”

Godbout’s passion for what he calls digital government runs deep: He was part of a group of former Presidential Innovation Fellows who started GSA’s 18F digital services team, and, after leading that organization, he joined EPA to develop its digital services offerings.

Earlier this month, he joined cBrain, a publicly traded Danish tech company that makes an integrated software platform designed for public agencies. He said it brings in records management, chat or messaging and other functions in a way that makes it easier for federal employees to work — which he says is part of the larger digital transformation movement.

When Godbout came to government three years ago, federal IT focused on building monolithic systems, which took several years and were delivered all at once, in a closed environment, he said. Now, an increasing number of systems, projects and programs are becoming user-centered, agile and modular.

“When I first got here, people were saying things like, ‘government can’t produce good products,’” he said, pointing to the disastrous rollout of the Healthcare.gov. “It was all this can’t, can’t, can’t. Now, all these things can be debunked.”

The Consumer Financial Protection Bureau, he said, was an early leader in the digital transformation charge — it “was like early adopter,” he said. Indeed, four of 18F’s 12 original members came from the CFPB.

“We were really the platform that we built upon — because they were doing it,” he said.

Now, he said, “in nearly every agency I’ve engaged with, there is a group of innovators who are doing very exciting things for transformation.”

Just a few examples of agencies that “have fully committed to transformation agencywide and taken action to do so,” he said, are the State Department, DHS, the Office of Personnel Management and the Social Security Administration.

He also said he was “especially impressed” by Department of Veterans Affairs CIO Laverne Council’s recent work to reform the agency’s IT management.

Looking ahead, he said that he thinks even after the Obama administration ends, the digital services push will continue. The digital services movement is happening in countries across the globe, and there’s pressure to keep pace with the technology in other governments. At the same time, forward thinkers in the federal government want it as well.

“You have a choice: You either get in front of it or let digital happen to you,” he said.

He added, “If the momentum goes away, there will be a decrease in security, there will be increases in failed websites, there will be increases in lack of productivity,” he said. “I can’t imagine anyone wants that.”

Contact the reporter on this story via email Whitney.Wyckoff@fedscoop.com, or follow her on Twitter @whitneywyckoff. Sign up for all the federal IT news you need in your inbox every morning at 6:00 here: fdscp.com/sign-me-on.

The man behind SBA’s $6.5B annual give away for startups

Silicon Valley may seem like the capital for tech startups and angel investing. But for Mark Walsh, who has made a career of piloting and funding tech startups, nothing quite matches the opportunities he’s seeing now at his offices a few blocks away from the U.S. Capitol in Washington, D.C.

Walsh has had a knack for getting in on the ground floor and building technology and media businesses, starting at Home Box Office in the early days of pay-TV. He later led an online business for General Electric, oversaw enterprise business development at AOL as the internet began taking off, and took public an online business-to-business procurement platform called VerticalNet.

Since then, he has been involved as an angel investor, board director and advisor to a variety of firms.

But a chance call from an old colleague eventually led to a pitch Walsh couldn’t turn down: to head up the Small Business Administration’s Office of Investment and Innovation where he helps dole out $6.5 billion annually in seed capital and loans to promising startups through the agency’s Small Business Innovation Research, or SBIR, program and Small Business Investment Co., or SBIC.

The agency’s funding has helped lift a variety of innovative ideas literally off the ground, from 3D printing in space to airborne wind turbines that can supply energy to remote locations. It has also provided seed funding for all kinds of other startup ideas, including bioplastics generated from waste materials, robotic buoys and educational tools designed by women developers.

Seed money from SBIR helped launch major tech companies like Qualcomm and Symantec.

FedScoop met with Walsh at his Washington office, ahead of the SBIR’s National Innovation Summit, May 23-25, to talk about what persuaded him to move from private sector finance to a job working for the federal government last November –—and why more startups aren’t taking advantage of what the SBA can offer.

Editor’s Note: This interview was edited for clarity and length.

FedScoop: Why did you say ‘yes’ to coming to the SBA?

Mark Walsh: I talked to people here and some outsiders who know this zone, and they told me, ‘This is the best job in the United States government.’ Because you have money, you have the will and the power and the authorization to interact with really significant investment professionals in the private sector – and technology startups. So you can really get stuff done rapidly.

I mean no disrespect to the rest of the U.S. government, but managing bureaucracy is not my skill set. I’m actually interacting with everybody in my Rolodex. And I’m getting to know these really cool people that I would have tried to get to know anyway.

I love the fact that the SBA is kind of a stealth organization. A lot of government is in the ‘no’ business — because they’re regulators, saying, ‘You can’t to this and that.’ We’re in the ‘yes’ business. A whole chunk of the SBA is about handing money to smaller businesses. But my world is for big venture capital and private equity funds.

So if there was ever a time and ever a place to join the federal government, this was it – especially with the president in his last year, when he’s really trying to break some glass, and take some directional commitments that map against my innovation background.

FS: What surprised you most about moving from the private sector to the federal government?

MW: Everything I was hoping to see in the government I see ‘times-ten’ – way, way more expertise, commitment, savvyness, market knowledge. It really blew me away. There are people on my team that could resign tomorrow and go to work for Goldman Sachs for 15-to-50 [times] their current salary. But they don’t. We all have reasons for what we do. I love the fact the U.S. government has people that do incredible work.

Everything I was hoping not to see, I also see ‘times-ten.’ Things that many people are critical of the U.S. government about: bureaucracy, [a culture of] ‘that’s the way we’ve always done things here.’ My whole career has been high change-rate environments with a high appetite for risk, so I’m the wrong guy to judge traditional complex behavior at large organizations.

FS: SBA has a lot of money to dole out, relatively speaking, that a lot of people either don’t know about – or perceive a lot of obstacles to getting it. What’s your perspective on what’s preventing more of the market from taking advantage of what the SBA has to offer?

MW: This is the question of the ages. The U.S. government is a very bad marketer; they’re the government — they’re not supposed to be good at marketing. So part of my job and my team’s job is just getting out and making sales calls. It’s really just outreach. It’s really amazing how few people know how many dollars are available to professional investors in the SBIC side and to innovative startups and seed capital arenas on the SBIR side to fuel great stuff.

As for the second part of your question, even if they know, are they worried about the paperwork and the process? And sadly, the answer is, they should be.

We do ask for a lot of information from our applicants; we do have a lot paperwork [delivered] the old way, because that’s the way we’ve always done it. So we’re trying like hell to reduce the amount of time and streamline the process to make applying for SBIC or SBIR funds smooth, painless and productive. We’re trying to get better at short ‘no’s’ and faster ‘yesses.’

At the same time, we’re trying to make the interaction after you get our money be smoother. Once we’re partners, we ask [applicants] to file documents which can be onerous.

I’ll one add more thing: Some people are afraid of being in business with the government, because it’s the government and they don’t want the government to know everything about their efforts. And I get that.

FS: How would you describe the sweet spot of the kind of companies that fit the profile of what SBA is willing to fund? Is it companies that can benefit the government, or the U.S. economy?

MW: Actually it’s both. We have two buckets: SBIC and SBIR.

SBIRs are startups and seed capital environments that will help the government and the private sector citizens at the same time. We give out Phase 1 and Phase 2 cash grants – no equity, no debt, you own it – for ideas and discoveries and software and technology platforms that are mapped against the need of another agency in government.

So the [Defense Department] says they need new Kevlar weaving for bulletproof vests. We will find an opportunity with a bunch of bench chemists, or a start up company, and we’ll fund them with cash grants that A) prove that their weaving is better and B) prove that they can scale and commercialize so they can make a lot of it, and C) introduce them to the customer at DOD who’s going to buy a lot of those vests. It’s a true grant system, but there has to be a target [agency] customer at the end of the process. It’s unbelievable how broad the needs of government agencies are.

A quick example: Roomba, that little round [robot] vacuum – that was an SBIR grant, about $1.7 million. The Department of Defense needed a technology and a device to search caves and open fields for land mines. So Roomba actually began as a little land mine searcher. It knows where it’s been.

We’ve got thousands of stories like that. Probably two-thirds of the [technologies in the] mobile phone in your pocket is SBIR grant-generated technology. Symantec, Qualcomm are two technology companies started with SBIR grants.

The other side is SBIC. There, we look for professional investors — private equity funds, venture capital funds — and we give them debt. So if you and I started a private equity fund today and raised $75 million, came here and applied for, and got a license — which takes too long — my group, would give you $150 million on top of that. That’s two-to-one debt leverage at 3.8 percent interest over ten years, no prepayment penalty.

So we have about $4 billion a year in that SBIC debt leverage to hand out. SBIR has about $2.5 billion a year in cash seed grants to hand out. So $6.5 billion a year – refreshed every year.

FS: What are some of the strategies you’re trying to encourage?

MS: We have something called Impact SBICs. If you agree to spend 51 cents out of every dollar or more, on one of three arenas, you’re an impact fund, and we treat you a little better.

Those are: geographically desirable companies – so companies in urban Detroit or super rural New Mexico; companies that are demographically desirable – companies run by women or native American Indians or wounded veterans; or companies that are in President Obama’s three main areas of interest, which are advanced manufacturing, clean energy or education software.

We’re trying to get more and more impact fund applications and we’re trying to segment. We’re looking at Ag tech, Ed tech, energy, health – and we’re hoping to find partners who will define their strategy within those guardrails.

And by the way, the companies that have gotten SBA money in the past would surprise you. They include AOL and Apple and Tesla and Under Armor and Intel and Amgen and Quiznos and Costco. It’s incredible who’s been in our family on their way to being a big, worth-a-ton-of-money company.

Reach the writer at wyatt.kash@fedscoop or on Twitter @wyattkash.

Survey: Federal cyber execs underwhelmed by ‘cyber sprint’

Many federal cybersecurity executives are underwhelmed by the government’s “cyber sprint” in response to the Office of Personnel Management’s massive data breach last year, according to a new report Thursday.

More than half of respondents (52 percent) in the small-scale survey said the administration’s “cyber sprint” — a 30-day push led by U.S. CIO Tony Scott to strengthen agencies’ network defenses — hadn’t improved the overall security of federal systems.

A quarter said their own agency made no changes after the June breach.

The report said the OPM wasn’t the wake-up call some cyber experts had hoped for.

“OPM had the breach, and while others were affected, they may not have felt the impact to the pain level needed,” said one former federal chief information security office in the report, which was produced by the nonprofit International Information Systems Security Certification Consortium and sponsored by KPMG.

The anonymous former CISO added, “The Sprint looks to be turning into a marathon for some agencies — resources, mandates, oversight are all roadblocks to getting agencies started on [U.S. CIO] Tony Scott’s vision of security.”

Scott announced the sprint after news broke that the personal information of 22 million people who held or applied for a U.S. security clearance was exposed in the OPM breach. After the sprint, Scott lauded agencies for making “significant progress“on using personal identity verification cards or other forms of strong authentication.

The report also found 59 percent of survey respondents believe their agencies struggled to understand how cyberattackers could breach their systems.

Nearly two-thirds, 65 percent, disagreed that the federal government was capable of detecting ongoing cyberattacks.

For the report, researchers conducted an online survey of 54 people who identified themselves as federal senior managers or contractors with cybersecurity responsibilities.

The report offers recommendations:

Use a holistic approach to dealing with cybercrime — don’t just focus on getting more technology.
Give federal cyber executives more authority to make risk-based decisions and improve their agencies’ cyber culture.
Educate the entire workforce on cyber.
Conduct regular cyber hygiene trainings and simulations drills. Don’t just hold annual PowerPoint-based lectures.
Nurture the government’s existing cyber professions and reward them with continuing education opportunities.
Reinforce the NIST Cybersecurity Framework functions as a baseline for security assessment.

New Senate bill aims to put the boot to botnets

The bill would go after botnets, which often use a remote network of computers to send malicious code across the Internet. (Pixabay)

A group of senators have crafted a bill that would give the government greater powers to prosecute and punish those who operate and rent out botnets.

Sens. Lindsey Graham, R-S.C., Richard Blumenthal, D-Conn., and Sheldon Whitehouse, D-R.I., earlier this week introduced the Botnet Prevention Act, which would expand the Justice Department’s civil injunction authority to tear down botnets, issue new criminal offenses for renting out to botnets and raise the penalties for cyberattacks on critical infrastructure.

Botnets are networks of infected computers, owned and operated by innocent and often completely unaware third parties, which cybercrime gangs control through malware. Botnets are used for DDoS attacks and spamming, and are often rented or sold to the highest bidder by so-called “bot-herders.”

Graham and Whitehouse rallied support for the bill Wednesday during a sparsely-attended Senate Judiciary Committee hearing that explored ransomware.

The provisions in the new bill go beyond what is currently allowed by the Computer Fraud and Abuse Act, which only allows the Justice Department to issue civil injunctions if a botnet is used for certain types of crime. The 30-year-old law also doesn’t have any language about penalties related to selling or renting access to botnet networks.

Botnets are often a key part in the spread of ransomware, used by criminals to distribute the malware to as wide of a network as possible. Infected computers have their files, folders and drives encrypted, and the owners have to pay a ransom to get the key. According to the FBI, criminals received $209 million in ransomware payments in the first three months of 2016.

Those figures back up other research that points to a sharp rise in ransomware in 2016. Kevin Haley, the director of product management at Symantec Security Response, told FedScoop last month his group has seen an average of over 4,000 ransomware attacks per day since Jan. 1, a 300-percent increase over 2015.

While ransomware has mainly been used in attacks on individuals, hospitals, police departments and even federal agencies have been dealing with the malware as well. The Homeland Security Department told the Senate Homeland Security Committee in March that there had been 321 ransomware incidents reported by 29 different agencies since June 2015, with many attacks stopped by agencies’ security centers.

Security professionals and white hat hackers have recently made headway in breaking the encryption that ransomware relies upon. Kaspersky Lab has been on a months-long cat-and-mouse chase with the developers of CryptXXX, releasing decryption tools after multiple iterations of the malware have been pushed out in recent weeks. Additionally, the developers of TeslaCrypt gave up the ghost Thursday, posting their master key and an apology on their Tor website.

Whitehouse said during the hearing that without his bill, business could suffer up to $1 billion in losses this year. Testifying, Justice Department official Richard Downing said that figure is on the low end of law enforcement’s measurements.

“If we don’t do something to address the deterrence we’d like to get, $1 billion seems like a low estimate,” he said.

You can read the full text of the bill on congress.gov.

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

Calling all kids: The White House wants your science and tech ideas

The White House put out a call for the next big idea in science and technology — and adults need not apply.

John Holdren, director of the Office of Science and Technology Policy, wrote in a blog post Thursday that the president is asking the nation’s kids to submit ideas related to science, innovation and technology.

“Whether you care about tackling climate change, finding a cure to cancer, using technology to help make people’s lives better, or getting a human to Mars, we can’t wait to get your input!” he said in the White House blog.

He writes that President Barack Obama came up with the idea after talking to nine-year-old Jacob Leggette during last month’s White House Science Fair. Jacob, who showcased his research with a 3-D printer at the fair, suggested the president select a kid science adviser.

“The President loved the idea, and suggested that we bring together a group of kids to share their thoughts on what they think is important in science, technology, and innovation,” Holdren wrote. “Kids know first-hand what’s working inside and outside of their classrooms and how to better engage students in Science, Technology, Engineering, and Math (STEM) fields.”

Obama recognizes that future innovations depend on the savvy of today’s students, he added.

Below the blog post, an online application form asks pint-sized scientists for one idea that could “make our country work better using science and technology.” It also asks the applicants what their favorite thing is about STEM.

The form is due June 17 by 11:59 p.m.

White House official urges IT leaders to join open data efforts

White House technology policy adviser Kristen Honey urged government and industry IT leaders to support the open data movement and showcase their work at two upcoming data innovation events.

Speaking Wednesday to a standing-room-only audience at the annual Data Innovation Summit in Washington, Honey highlighted a number of the administration’s open data initiatives, dating back to 2009, that are leading to innovative advances in medicine, agriculture, energy, transportation and education.

“Data science is a team sport, but innovation is an even bigger team sport,” she said at the forum, which was presented by Mark Logic and produced by FedScoop.

She cited how the administration’s Project Open Data initiative, and other open government directives, including a May 2013 Executive Order, have led to tools that help families better evaluate the return on college investments or find fair housing options, and to a White House Police Data Initiative.

But Honey, a senior policy adviser in the White House Office of Science and Technology Policy, also encouraged the audience to get involved in the open data movement and participate in two events promoting innovative uses of government data.

The first is the National Day of Civic Hacking on June 4, organized by Code for America, NASA and Secondmuse. The program, now in its fourth year, provides developers, government employees, data scientists, app designers and community leaders with an organizing platform to host local “civic tech” events designed to develop applications that make use of public data.

“You can host your own event,” and join hundreds like it across the country focused on everything from “the Zika virus, affordable housing, streamlining processes for small businesses, or connecting people with jobs,” said Honey, “So if you have an idea, this is a great opportunity.”

The second event is a new White House sponsored Open Datapalooza, which she announced would take place September 28 in Washington.

Patterned after the Health Datapalooza launched in 2010 by Todd Park, then CTO of the Department of Health and Human Services and now in its seventh year, this new Datapalooza will be unique, said Honey.

“This will be the best of the best,” bringing together the most successful examples of how government data have been turned into commercial applications across all sectors, including energy, safety, transportation, as well as healthcare.

How HHS is spurring data innovation both inside and outside the agency

It will be obvious when the Department of Health and Human Services’ IDEA Lab is a success, because it will no longer be needed, according to Damon Davis, the director of the department’s Health Data Initiative.

Davis spoke about the lab as a way the department is driving innovation through data, which in turn can change the internal culture around innovation and help spur health-focused products and services outside the agency.

His remarks Wednesday at MarkLogic’s Data Innovation Summit, produced by FedScoop, hit on numerous HHS efforts, including various challenges, data initiatives and data-driven events.

The efforts are something HHS ran with after President Barack Obama made open data a key focus of his administration. Davis said that focus gave HHS the ability to drive culture change within the agency.

“We’re not implementing any new statues but emphasizing new strategies allowed under approved legislation,” Davis said. “Establishing an innovative culture also requires to a degree a data-driven culture.”

That drive for change has helped HHS remove what Davis called “calcified government processes,” leading to the creation of data tools and challenges that helped HHS further its missions.

Since 2011, HHS has held 130 challenges with 800 participants, issuing $6 million in awards with a median price of $50,000. Davis also expects HHS to award three times as much prize money in 2016 that it did in 2015.

The agency just handed out a number of awards at its recent Health Datapalooza, a national conference focused on liberating health data. The department issued $25,000 to the National Opinion Research Center (NORC) at the University of Chicago in its Rheumatoid Arthritis Data Challenge, as well as $80,000 to six teams that built projects dedicated to services like real-time air quality maps and open volumes of brain imaging data.

Davis also spoke about his agency’s homegrown data projects, including a Mapping Medicare Disparities Tool to identify areas of disparities between subgroups of Medicare beneficiaries (e.g., racial and ethnic groups) in health outcomes, utilization and spending.

Davis used the tool as an example of how agencies need to move past cataloging data on data.gov for people to figure out their own use cases.

“We need to be moving from dumping data sets onto data.gov to one where be can be more conversant with the public about what is valuable to them and deliver those data as assets,” Davis said. “To accomplish the goal of well managed data, we have to invest in personnel and infrastructure to support more demand and capacity to participate in the growing data innovation ecosystem.”

Mo’ data, mo’ problems? Agencies wrestling with big data

Ben Franklin famously observed that the only things certain in life are death and taxes — but now we can add data to that list, according to Bill Marion, deputy CIO for the U.S. Air Force.

The result? “It was easier to find [that] 200-year-old quote from Ben Franklin … than the notes for a speech I made last year in Colorado.”

“That’s the reality we all face today,” Marion told MarkLogic’s Data Innovation Summit, presented by FedScoop, at the Newseum in Washington, D.C. on Wednesday.

A succession of federal officials described the challenges they face on a daily basis, dealing with the tsunami of data generated in an increasingly wired world.

According to figures Marion presented from consulting firm Excelacom, 150 million emails will be sent every minute this year, along with 347,000 tweets. More than 1300 Uber rides will also get booked every minute.

To make matters worse, “data is an afterthought” for most policymakers, observed Robin Thottungal, the Environmental Protection Agency’s first chief data scientist.

As a result, said Marion, up to 60 percent of the data most organizations hold is “dark” — not visible to managers and potentially stored in inappropriate or non-compliant ways. Marion said “dark data” in the military even includes classified material.

Even without dark data, large enterprises often waste resources “wrangling” data to get it “into a shape where it can be used,” said Jon Bakke, MarkLogic’s executive vice president for worldwide customer operations. Data scientists in such organizations often spend as much as 80 percent of their time on what he called “ETL — extraction, transfer and loading.”

“That takes time, effort and a lot of money,” he said.

Marion added that recent advances in technology mean “we don’t have to standardize the data” into a particular format any more.

But there are still serious challenges. “The key elements,” he said, “are securing it, getting access to it, and correlating it using data science.”

Bringing it back to Franklin’s certainties, Marion quipped that “we will all be dead before the data problem is solved.”

The next big thing in agriculture? Drones on farms

Farmers may start using a cattle drone instead of a cattle call to keep tabs on their livestock.

Drones will be the future of advanced agriculture data, said Michael Valivullah, chief technology officer at the National Agricultural Statistics Service, which is housed at the Department of Agriculture.

Valivullah spoke Wednesday on a panel about what’s next for big data at the MarkLogic Data Innovation Summit, which was produced by FedScoop.

He drew raised eyebrows from the crowd as he talked about “precision agriculture” — and how farmers are going to be able to use drones to get data about their crops.

“Farmers are going to be more dependent on drones,” Valivullah said. “The reason being, drones are a lot cheaper and can gather high-resolution, sensitive data. So a farmer or rancher will be able to understand what they have in their operation.”

There are 2.3 billion acres of land across the United States, and about 900 million of those acres comprise farmland, Valivullah said. USDA keeps track of farmers who produce and sell products that are worth more than $1,000 in a central database.

The agency once used traditional paper and pens to collect information, but it started sending out electronic forms — as well as iPads and tablets — a few years ago to researchers in the field.

Drones may be an even better way of collecting data. Farmers will be able to zero in on specific information about the health of their crops on their own land that drones will pick up, Valivullah said.

“Accuracy of data is very important. The confidentiality and quality of data are also very important,” he said. “If we put good data in, we get good data out.”

The higher resolution that comes with using drones means that pixel count will be in the trillions, rather than billions, which is currently what satellite data produces.

But, Valivullah added, the agency has to be prepared for the influx of the new data that will be available.

“We have to be able to handle that amount of data,” he said. “How do we prepare ourselves?”

Reach the reporter at corinne.lestch@fedscoop.com and follow her on Twitter @clestch.

Agencies show improvement in second FITARA scorecard

The second round of grades tied to the Federal IT Acquisition Reform Act show an incremental improvement over the initial set of scores last year, with half of the 24 CFO act agencies scraping a pass, FedScoop has learned.

Twelve agencies tied to FITARA scored a “C,” improving upon the “D” the majority of agencies received when the first scorecard was released in November. Seven agencies — USDA, Energy, Education, Justice, Labor, OPM and Social Security Administration — improved by at least one letter grade. One agency, GSA, dropped to a “C” from a “B.”

This time around, NASA was the only agency given an “F.” Last year, NASA was joined by Energy and Education.

This year, Energy would have received a “C,” but it and the Labor Department had their overall grades downgraded to a C- because their FITARA implementation plans have yet to be approved.

The overall grade on the report card was derived from scores for four objectives set by FITARA:

Data Center Consolidation
IT Portfolio Review Savings
Incremental Development
Risk Assessment Transparency

Agencies showed improvement in the incremental development category, which measures investments that use at least 50 percent of an agency’s planned development spending. There was also a marked improvement in data center consolidation, with a handful of agencies moving up a letter grade in that category.

Agency marks for IT Portfolio Review Savings were worse than the first scorecard, with 18 of the 24 CFO Act agencies earning an “F.” FITARA directs agencies to sit down with the White House’s Office of Management and Budget to assess their IT assets and identify projected cost savings.

The scorecards will be published at a Wednesday hearing of two subcommittees of the House Committee on Oversight and Government Reform. During that hearing, Commerce CIO Steve Cooper, NASA CIO Renee Wynn, Energy CIO Michael Johnson and Labor CIO Dawn Leaf will testify.

Rep. Will Hurd, R-Texas, said while he’s happy with the improvements, agencies still have a lot of work to do.

“Ultimately, taxpayers deserve a government that leverages technology to serve them, rather than one that deploys insecure, decades old technology, and keeps sensitive information in non-encrypted databases,” said Hurd, the chair of the IT subcommittee. “We are not there yet and we have a long way to go, but I am cautiously optimistic that we are moving the needle in the right direction”.

Despite some sore points, the White House seems to approve of the early stages of FITARA. Last month, U.S. CIO Tony Scott said the law culturally propelled IT to a major focal point concerning mission.

[Read more: U.S. CIO: FITARA promotes broader IT discussion in agencies]

“While FITARA was meant to address a set of things, it has big wings that have helped lift a bunch of other things that needed to happen in the federal government,” he said at an April ACT-IAC event.

The hearing will be broadcast on the House Oversight Committee’s website starting at 2 p.m.