If you might be searching for consistency in what you are promoting life, the federal expertise sector is a good place to be.

Let’s be clear, issues change. New priorities emerge. Old priorities fall under the radar.

But 12 months after 12 months — and I’ve been doing this now for 25 years — there persistently are story strains that ebb and move like an excellent cleaning soap opera. But as a substitute of the “shocking” revelation of a personality getting back from the useless or out of coma, it’s extra a few storyline or character getting back from an extended trip.

For 2022, federal expertise storylines continued to concentrate on cybersecurity, IT modernization and the skillsets of the workforce, whereas areas like buyer expertise, provide chain safety and plenty of others emerged.

Federal News Network requested former and present federal expertise executives to weigh in on that 12 months that was 2022 and supply their tackle how the storylines drew within the viewers over the past 12 months.

The panelists are:

• Jonathan Alboum, the previous chief info officer on the Agriculture Department and now federal chief expertise officer for ServiceNow
• Ann Dunkin, the chief info officer on the Energy Department
• Julie Dunne, a former House Oversight and Reform Committee employees member for the Republicans, a former commissioner of the Federal Acquisition Service on the General Services Administration, and now a principal at Monument Advocacy
• Kelly Fletcher, the chief info officer on the State Department
• Mike Hettinger, former House Oversight and Reform Committee employees member and now president of Hettinger Strategy Group.
• Keith Jones, former State Department CIO and now president and CEO of the Edgewater Group
• Janet Vogel, the previous chief info officer on the Department of Health and Human Services and now president of the Vogel Group.

What are two particular accomplishments in 2022 throughout the federal IT and/or acquisition neighborhood? Please supply particulars about these accomplishments and why you although they’d an impression and what adjustments they introduced.

KF: To allow chief info officer oversight of IT funding portfolios throughout the federal authorities, many companies are transitioning to massive, cross-cutting IT contract automobiles. Two examples are: the Joint Warfighting Cloud Capability (JWCC) on the Defense Department and State’s Evolve indefinite supply, indefinite high quality (IDIQ). DoD’s multiple-award JWCC automobile supplies DoDwide entry to business cloud capabilities instantly from class-leading cloud service suppliers. The Department of State’s multi-billion greenback Evolve IDIQ program will do the identical throughout all main technical service areas. Following technique growth, acquisition planning and business outreach, we lately launched the ultimate request for proposals. Positioning the federal authorities to leverage massive multi-award IDIQ contracts is a significant step ahead. At State, efficient procurement of IT companies and merchandise for the division can also be key to Secretary Antony Blinken’s agenda to construct a State Department geared up to innovatively and securely function within the twenty first century.

JD: FedRAMP Authorization. I can bear in mind when this invoice was first launched, and we labored on refining the language across the identical time the Modernizing Government Technology Act was transferring ahead. I feel the presumption of adequacy within the Federal Risk Authorization Management Program (FedRAMP) authorization language must be useful to company CIOs who should tackle the chance and cloud service suppliers searching for to enter the market, however it’s nonetheless a problem for brand spanking new entrants to seek out an company sponsor for his or her options. The language additionally emphasizes the necessity for automation and sharing of FedRAMP package deal info — all useful to the companies searching for secured options and opening the market to extra answer suppliers. The language additionally establishes the Federal Secure Cloud Advisory Committee offering a discussion board for higher stakeholder collaboration — particularly with cloud service suppliers. The committee is meant to have 15 members, together with 5 cloud service suppliers and the General Services Administration is directed to nominate these members inside 90 days of enactment. I hope GSA strikes rapidly on this requirement.

Customer expertise govt order. I do know the EO got here out in December 2021, however we actually noticed a variety of exercise within the buyer expertise space as companies pivoted in 2022 to ship on the promise of the EO and the President’s Management Agenda outlined buyer expertise priorities. In 2022, companies put individuals in place and actually centered on transferring ahead with the journey mapping of life experiences. And the Technology Modernization Fund tagged $100 million to help buyer expertise initiatives — the primary CX-related TMF award was made in December. I can bear in mind having buyer expertise conversations at GSA after I was there in 2019, however in 2022 there was simply much more buzz governmentwide about the best way to ship on buyer expertise. This exercise provides contractors the demand alerts that assist form answer supply.

MH: Overall, I feel we’ve made important progress in cybersecurity typically, and 0 belief particularly. Beginning with the issuance of the OMB zero belief technique in January 2022, we’ve seen OMB, together with the Cybersecurity and Infrastructure Security Agency (CISA) aggressively push companies towards zero belief adoption. With the Defense Department’s launch of their very own zero belief reference structure and technique later in 2022, we’ve the makings of some important adjustments in how federal networks are secured. These insurance policies, mixed with elevated consideration and in some circumstances funding from Congress, has us transferring in the best path on cybersecurity.

The different success I’d level to is CX. Similar to what we’ve seen with cybersecurity, the CX govt order appears to have bounce began companies concentrate on essential CX initiatives. As we stay up for the 2024 budgets we count on to see elevated funding requests for CX-related initiatives, because of the EO, in addition to different CX-related initiatives. I’ll add that TMF has performed a task right here too, saying earlier this 12 months that $100 million in TMF funds can be devoted to CX initiatives. This is beginning to pay actual dividends.

JV: Accomplishment primary is the award of the DoD cloud contract. Finally! This contract award was on a protracted timeline. It is a crucial instance for us in that as a lot because the federal neighborhood has targets to simplify the contract actions, acquire improved quantity pricing and enhance consistency — it’ll take a number of steps, or phases, to attain them. This procurement ought to remind us that competitors is a part of the material of our nation. The award went to 4 distributors and will take us a bit nearer to realizing the objective of bettering pricing because of the quantity of labor they are going to be receiving. This supplies some consistency for the business firms concerned, simplify a few of their contract actions and, hopefully, present some stability for fiscal planning and staff.

JA: With main IT and information modernization initiatives underway on the Centers for Medicare and Medicaid Services, the Food and Drug Administration, the NIH, the Centers for Disease Control and Prevention and the Department of Health and Human Services reaffirmed their dedication in 2022 to put money into IT, overhauling their expertise spend to enhance efficiencies and make companies simpler for residents and staff to make use of. Applying learnings from the COVID-19 pandemic, this was a powerful step by the company to additional put together themselves for the CX govt order and the general public’s expectations for a digital authorities. Citizens more and more count on public companies to perform with the agility and accessibility because the personal sector. This is a step in the best path for one of many largest U.S. federal companies.

Second, the Binding Operational Directive (BOD) from CISA at the beginning of the 2023, BOD 23-01, refocused many companies on the steps they should take in direction of automated asset administration in 2023. In line with present progress in direction of zero belief architectures, that is an thrilling and crucial forcing perform throughout the federal authorities.

KJ: CISA initiated true buyer assessments and cyber experience throughout departments and companies that can result in enhancements of cyber postures of those organizations. Under the management of Jen Easterly, CISA management introduced the essential sources to the desk to carefully look at an companies cyber posture from all angles from Architecture to Identity to Zero Trust roadmap planning and governance.

AD: At DOE, we’re actually excited in regards to the interagency collaboration to ship dashboards and instruments to help the president’s Justice40 initiative. Both unbiased and shared efforts are occurring throughout the administration on the White House and a number of cupboard stage companies to trace impacts to underserved and overburdened communities and to trace supply of advantages to these communities. These efforts are making a distinction to get Bi-partisan Infrastructure Law (BIL) and the Inflation Reduction Act (IRA) funds to the communities with the best want.

Within DOE we’re actually enthusiastic about Frontier, the primary exascale supercomputer and, presently, the quickest pc on this planet. While I don’t oversee analysis at Oak Ridge National Laboratory, the developments in supercomputing will instantly impression IT, info administration, operational expertise and cybersecurity all through DOE, the federal government and the personal sector.

What expertise or acquisition initiative or program stunned you based mostly on how a lot progress it made or how the items and elements got here collectively and why?

JD: Section 876 authority. This is a little bit within the weeds, however I’ve been happy to see GSA’s use of the Section 876 authority, rising competitors on the activity order stage. This was a provision I labored on within the 2019 National Defense Authorization Act and now GSA is adopting this strategy in main upcoming contracts like OASIS+ and Alliant 3. Before this authority turned accessible, we had been asking potential contractors to spend some huge cash in growing proposals to make their greatest guess on pricing. Section 876 authority provides acquisition professionals the flexibleness to seek out essentially the most certified contractors after which make them compete on worth on the activity order stage. It appears intuitive that you simply’re probably not going to know the best way to worth at any form of detailed stage when vetting contractors on the grasp contract stage since you don’t know precisely what companies are going to want till they concern particular necessities on the activity order stage.

GSA/DIU partnership. In the federal acquisition world, companies are all the time on the hunt to increase the entry to expertise, and I feel the partnership GSA introduced in May 2022 with the Department of Defense’ Defense Innovation Unit (DIU) was an ideal step ahead towards that finish. GSA and DIU signed a memorandum of understanding (MOU) to make it simpler for companies to entry revolutionary expertise options by bringing DIU expertise options to GSA’s a number of award schedule. I feel this kind of coordination throughout authorities is essential to make sure companies have entry to rising applied sciences.

JA: In late 2021, the Biden administration revealed its President’s Management Agenda, which underscored the necessity to ship larger digital companies for residents and staff. Following pandemic shifts in how residents count on to work together with the private and non-private sectors, the PMA was an inflection level within the federal authorities’s ever-evolving digital transformation. By designating 35 excessive impression service suppliers, the administration created focus and priorities for an awesome activity. Throughout 2022, we noticed companies speed up enhancements in buyer expertise and chart a course for integration of cross-agency features and packages.

AD: Going for the comparatively obscure, I feel that the efforts of the unreal intelligence neighborhood to reply to the request to stock federal use circumstances has come collectively quicker than anticipated and is offering info that can assist the federal neighborhood be taught from one another. We’re already seeing outreach inside that neighborhood as departments and companies take a look at one another’s inventories, ask one another questions leverage talk about leveraging capabilities. This helps the federal government know what the federal government is aware of. This mirrors DOE’s inner efforts to stock our capabilities in 5G and cyber protection analysis with the express objective of serving to DOE and our interagency companions know what DOE is aware of.

I’m properly conscious that we haven’t met all of the expectations for the EO on cybersecurity, however the actuality is that the federal authorities as a complete has made a tremendous quantity of progress on an enormous scope of labor that was added to an already full plate with out incremental funding. In explicit, organizations are making substantial progress in direction of not solely implementing multi-factor authentication and 0 belief throughout the enterprise, however, extra importantly, in making the cultural change required to completely execute this transition.

KF: The Department of State has quickly made progress in implementing the requirements established in E.O. 14028 [cybersecurity]. In lower than two years since President Joe Biden signed the chief order, the Department of State has made strides in establishing a zero belief safety framework, encrypting information in transit and information at relaxation and pursuing extra thorough cyber provide chain threat administration packages. The Department of State has additionally efficiently applied multi-factor authentication (MFA) throughout all our programs.

 What emerged as the largest problem of 2022 that can have an effect into 2023 and past?

AD: The battle in Ukraine has, as soon as once more, raised the extent of cybersecurity risk to the general public sector. In DOE’s case, which means not solely our IT property, but additionally our working expertise together with the ability grid and our manufacturing crops, our analysis property throughout the nationwide labs and the privately run power sector. We anticipate that the risk stage will solely ratchet up. We should proceed to be vigilant and take a threat based mostly strategy to the threats going through our property and staff.

MH: Software provide chains emerged as a big problem in 2022 and that is sure to hold over into subsequent 12 months. At the tip of the day, that is actually a compliance concern however one which’s going to come back quick and livid subsequent summer time because the self-attestation necessities of OMB memo M-22-18 kick in. How business responds to those necessities, together with how versatile OMB shall be with their implementation, will go a good distance towards figuring out how a lot of a burden this is likely to be. I stay hopeful that robust compliance with the self-attestation necessities, will stave off the extra burdensome and dear full-blown software program invoice of supplies (SBOM) necessities that proceed to hover within the background.

KJ: Cybersecurity stays the largest problem total; nonetheless, sustaining that balancing act the place modernization initiatives and different efforts don’t get slowed down the place departments and company executives are simply catching on that cyber is severe. We have administration executives which can be overly excited and simply go down the rabbit gap on points that CIOs have needed to tackle for an extended whereas.

Delivering on modernization and transformation efforts will proceed to be a problem given the persistent cybersecurity threats that stay throughout the federal panorama. IT Executives are for excellent causes being hamstrung by cyber threats — which then lends alternative for delays on the CX and modernization entrance.

JD: Supply Chain Security. Supply chain safety has emerged as a posh concern that may impression contractors in massive and small ways in which turn into obvious with new prohibitions and/or compliance challenges. It can cowl all the pieces from manufacturing and increase the commercial base to purchase home or purchase allied to federal acquisition necessities to construct safe IT options and mitigate nationwide safety dangers by limiting procurement of sure items and companies.

KF: As many organizations can attest to, attracting and retaining high cybersecurity expertise stays a problem. We are sometimes in direct competitors with well-liked tech firms, in addition to our accomplice companies throughout the federal authorities. Recruitment and retention will proceed to be a problem as we head into 2023.

JV: The federal price range course of takes too lengthy and is all the time a bet for departments which develop budgets two years upfront. The potential to implement safety and IT capabilities simply doesn’t occur in a single day. Any break in funding or delay of packages can have very damaging impacts on companies to residents.

JA: Cybersecurity was clearly a high concern for all organizations in 2022. While progress was made by companies in scoping their zero belief plans, the CISA BOD 23-01, emerged as an necessary set of goals for all companies to enhance asset visibility and vulnerability detection. Understanding the units, information and purposes in your community, are three of the pillars of CISA’s zero belief maturity mannequin. Implementation of this BOD will advance zero belief plans in a significant manner in 2023 and past.