Federal CIO Q&A: Security, Sequestration And More - InformationWeek
Government // Leadership
03:01 PM
Connect Directly

Federal CIO Q&A: Security, Sequestration And More

Biggest challenge in realizing agile, efficient government IT continues to be the required cultural change, says Federal CIO Steve VanRoekel.

PortfolioStat -- we'll do a major check-in on deliverables from last year, like, 'Where are you on commodity IT,' and then we'll start to move up the stack. What we learned as we started doing PortfolioStat is that agencies fall into one of four categories. They're either the Wild West where every department, every subagency does their own thing, procures their own stuff and there's a lot of fiefdoms. Then you've got the next level that's rationalized commodity IT, where they'll run one email system, have one way to procure computers or mobile devices. The third is where they've started to rationalize the mission side of government. The top level -- and we're starting to see some early indication of this happening at some of the agencies -- is a service orientation.

Say you come to me from some far corner of the department, and I'm the CIO, and you say, 'I want to build a mobile app.' I say, 'Great, here's a ready development environment, a test environment, a deployment environment,' and I give those to you as services. By developing in those environments, you snap to my enterprise architecture, my cyberinfrastructure. As we think about that commodity [direction] and building mission-based solutions, there's a lot to be said to move up that stack.

There was also a big focus in PortfolioStat on the establishment of investment review boards to get agencies to think about IT as a piece of a broader puzzle in managing their departments. So we're going to continue to think about strategic planning.

The Digital Government Strategy is continuing. It launched in May as 12-month strategy with a bunch of deliverables. The intention was to start to change the culture around the way we treat data, build mission systems, embrace mobile, think about security and privacy on the mobile platform, and really turn the dial on citizen-facing services. A lot of the deliverables are tactical, but they're in search of this objective of thinking about a more modular government, a more open, standards-based data approach, and about citizen services in a way that's much more open.

InformationWeek Government: The Open Data Policy is part of that. When should we expect something there?

VanRoekel: Forthcoming. I won't predict anything in terms of time, as there are clearance processes, but you should expect some stuff pretty soon. The spirit of that is machine-readable [data] becoming the default, thinking about standardized schemas, rethinking data.gov -- all of those are things that you should expect in 2013 coming out of the Digital Government Strategy.

The strategy is a piece of a broader innovation agenda of the administration that includes the Presidential Innovation Fellows program that [federal CTO] Todd Park and I are working through, and rethinking the impact of those efforts to build platforms to scale inside government, things like MyUSA to think about citizen-based access to government or how we present medical records to veterans in a new way. All of that is around an agenda that is centered on open data, open platforms and building in new ways.

InformationWeek Government: What's next with CyberStat?

VanRoekel: We have a close working relationship with the national security staff, including federal cybersecurity coordinator Michael Daniel. One of those things is that the tenets of CyberStat are the right things -- continuous monitoring, Trusted Internet Connections, HSPD-12 cards and multi-factor authentication. All the elements of CyberStat are going to be consistent [moving forward]. You'll see continued progress on that. FISMA only gets us so far, checking your cybersecurity posture every several years through a FISMA audit is not even close to real-time enough, so the big effort we've been putting forward is turning the dial on continuous monitoring.

How do we set up a government-wide vehicle for agencies not only to pipe their traffic through a trusted connection and monitor that connection through our efforts with the Einstein project, but also think about the network itself? A lot of the threats come when someone plugs a USB device that's been compromised inside the network, so continuous monitoring will cover a broader range of the threat surface.

We just put out a contract to [the Department of Homeland Security] and [the General Services Administration] that not only covers the federal government but has partnerships that reach down to state, local and tribal, so we're going to combine the buying power of a big entity to go out and tackle this challenge. This year, you're going to see lots of progress on it.

FedRAMP is a big category of it as well, as we think about the continued evolution of cloud computing. The second vendor has been authorized on FedRAMP. I think we're going to see a pretty steady clip. We have about 70 vendors or more standing right behind them in line.

2 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
John Foley
John Foley,
User Rank: Apprentice
2/26/2013 | 7:30:11 PM
re: Federal CIO Q&A: Security, Sequestration And More
Near the very end of this interview, the federal CIO says his goal is to reach a point where government IT is "modular, agile, and super-efficient." That may be the best, most concise statement of direction for federal IT that I have seen.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll