Tony Scott was the Federal government’s third chief information officer, serving the nation in that role from 2015 through early 2017. During his time at the helm of government-wide IT, Scott led the development of 2016’s State of Federal IT Report, which left a lasting roadmap for modernization progress in the Federal government.
Scott sat down with MeriTalk founder Steve O’Keeffe on Wednesday at MeriTalk’s 2018 Cloud Computing Brainstorm to discuss that progress and all the pieces in play in today’s Federal IT environment.
Kicking the discussion off with a bang, Scott noted how difficult times–where we find ourselves today amid mounting cyber threats–can prompt responses that leave the entire technology ecosystem a stronger, more resilient place.
“Never waste a good crisis,” Scott advised, recalling the Office of Personnel Management hack of 2016 that led to exfiltration of millions of government employee records.
“On the one hand, you’d say we were unfortunate to have the OPM incident, but in another way, it was a fortunate event,” he said. “It was an eye-opening ‘Oh my God, this is a real problem,’ meaning cybersecurity, and we’ve really got to do something about it in a dramatic way.”
That jarring incident galvanized the Federal IT space to place greater emphasis on cybersecurity, Scott said. Now the topic sits at the forefront of nearly every discussion on IT procurements and new technologies.
“When you have an event like that, it brings it to the forefront, and you can compel action,” Scott said.
Underlying the cybersecurity discussion espoused by the OPM hack, Scott said, was the overarching imperative of IT modernization across the Federal government.
“Modernizing government systems turned out to be the real answer,” he said. “If you have the ability to use more modern technology, you can build in cybersecurity at the ground level, as opposed to band-aiding, bubble-wrapping on top.”
Scott noted how the Modernizing Government Technology Act “was a response to that” and the “ecosystem” is still forming around the new legislation. Gaining traction takes time, he said.
“You realize that it takes a while to get all the pieces in place,” he said. “I think we’re making good progress.”
Scott spoke about the strongest legislative measure of modernization progress for agencies, the Federal Information Technology Acquisition Reform Act.
“I would create some sort of core grade that didn’t change much from year to year,” Scott said. “Think of this as your core curriculum when you were back in college, and then you have electives.” The baseline criteria should stay consistent, Scott said, and current-year initiatives should be built on top of the baseline priorities.
His thoughts echo the sentiments of Rep. Will Hurd, R-Texas, chairman of the Oversight and Government Reform IT subcommittee that puts out the scorecard. Hurd has said the scorecard should evolve into a measure of agency “cyber hygiene.” Increasingly, OGR has implemented steps in that direction, but Scott said that more clarity can help agencies–rather than introducing new grading criteria at the time of scorecard release.
“I’m not a fan of the big surprise, the big reveal,” Scott said.
On New Faces at the Top
Scott said he has been in conversation with new Federal CIO Suzette Kent, and new Defense Department CIO Dana Deasy, as they begin their work at two of the Federal posts most capable of driving IT reform.
“I think both of them are very open to advice and are listening,” Scott said. “I think they’re both going to do well in moving a non-partisan, ‘let’s just do good’ agenda forward. And I hope it stays that way.”
Underneath the two new leaders, Scott said the entire Federal IT workforce needs to be strengthened.
“The biggest problem both are going to face, and generically across agencies: we’ve got so many open positions,” Scott said. “It takes bodies to get this good work done in Federal government. You’re not going to do it with half a staff or a lot of people in acting roles.”
Across the Federal government, that priority has been firmly articulated as it pertains to agency CIOs. The recent IT executive order from the President, FITARA, and even more proposed legislation have all stressed the importance permanent-role CIOs that report directly to agency heads.
Scott said he feels Kent and Deasy know just how vital the IT workforce–from the top down–will be.
“A day [that] a position is unfilled is a day wasted in terms of moving this agenda along,” Scott said. “That has to be a high priority. I think both understand that.”
Scott said the workforce shortage presents a dire situation, and the Federal government could look to fill gaps with non-human help.
“I think clearly this is a crisis that keeps getting worse and worse and worse every day,” he said. “Frankly, I don’t see the solve in place yet.”
Scott said that simplifying government processes and evaluating where operations can be slimmed will help bridge the gap, but that it must go further.
“It’s very clear that even with an accelerated plan and highly successful plan, we are just not going to have the people in place to do all the work that’s required,” he said. “We’ve got to automate like crazy.”
On His One Big Change
While the automation change has been rumbling the IT landscape for some time, Scott was asked about the biggest single change in the Federal government he would enact right now.
While CIO empowerment is important, and aligning the workforce below that level is as well, he said that making every important stakeholder aware of modernization needs will be the best way to drive funding and government-wide buy-in.
“We’ve got to have a way to drag more than just the CIOs into the conversations we’re having. I think we’ve got to get procurement, finance, the DepSecs [deputy secretaries] much more engaged,” Scott said. “We’ve got to get a lot more skin in the game from that collective set of people in order to really make progress. I think the executive order was a good start on that journey.”
Scott said he would “start dragging in the CFOs and assistant secretaries” to drive engagement across the agency and present a better case to appropriators, and increase the number of lawmakers attuned to IT modernization.
“The other group I would get much more involved is the legislators. We’ve got a handful that care about this stuff. Many more should,” he said.