Adapting to Data in Federal

Watch this webinar to hear from Federal CIO Suzette Kent and how the government adapts to a hybrid environment and leverages data-driven decision-making to improve adaptability.

Meagan:

Good afternoon everyone. Meagan Metzger here. I’m the CEO of Dcode. And if you are not familiar with Dcode, or you’re new to our really fantastic community, quickly on us. Our sole mission is to better connect emerging technologies and the government market so that the two can work together to really move missions forward, and make the best use of private-sector innovation. So part of that is bringing the entire community together to just really have dynamic conversations.

We’ve kicked off our virtual series a while back. I think the first week we all went home we said let’s do a virtual series. And we’re honored to have a really, really fantastic lineup, including the one here today with Suzette Kent. We just wrapped one about 15 minutes ago with the assistant secretary of the Navy, and next week we will have Congressman Seth Moulton join us as well. So keep tuning in. But Suzette, welcome. And I think you need no introduction as the Chief Information Officer for the United States but would love to have you just do a quick hello to the group here.

Suzette:

Hi. Well, good afternoon Meagan, thanks. I am glad to be here. And as you and I were getting ready for the session, you also asked, I am sitting here in DC in front of the fantastic Department of Transportation. So if any folks actually happen to be in the building, but most folks are working at home and remotely. But I am glad to be here today. And forums like this are great to continue talking about important issues and thinking about things, not only that are about what’s going on now, but how we continue to move forward.

Meagan:

Yeah, fantastic. So I think we’ve got a lot to cover and we’ll try to keep it really interesting. But, I almost divided our conversation maybe into two parts. So there’s the part of your job where you are helping with the actual COVID crisis by engaging with external players and providing support back out to the citizens of the United States through the government. And then there’s a part where you’re supporting modernization and all of the people that are now teleworking that are probably used to very different modes and culture. 

So maybe we’ll start with the first. And I know that you’ve been involved in a lot of efforts in engaging with the private sector, with task forces across different agencies. And as we talked about yesterday, there’s no shortage of people that rise to the occasion. So I’m curious to hear your perspective of who’s stepping up to the plate from the community and the players we engage with, and really what’s new and what’s not any different?

Suzette:

Yeah. Well, thanks for the way you phrased the question and you hit it right. The role of, not just myself as the federal CIO and my team across OMB, but all of the technology community. Right now we’re trying to focus on two things, mission continuity, and response. And everyone has a role in both of those. And as you said in the response area, our role is really to coordinate and enable. And in many cases, we had to move very quickly. So, we have an opportunity, whether it’s through guidance or through some of the forms to distribute, to move information, to convene, and to get action. And that was really important in the response situation. Also as kind of ensuring that the key part… I call myself and my team; we are the enablers of the federal IT community. So that means that the tactical things every day like policy. But in this situation, it was making sure they had the resources that they needed.

And that could come from inside government, that could be things like data sharing, it could be how we accelerated contracts. And in many cases it was with our vendors. And that was a key part of my role is, talking with the vendors. And on a day-to-day basis, every agency has their own relationships. But many of those are with the same partners. But as we were going through this, sometimes we had choices. They were hearing a lot, there was a lot of traffic, and what things were first? What were the top priorities, and where were the big issues? And those were important dialogues. I know I’ve said in other online things like that I’ve been thrilled and amazed at how the community has stepped up. Both the technology teams and all of our vendor partners. There are some agencies that are working continuous shifts, there are solutions that were set up in days. And in government terms, that is incredible, it’s absolutely incredible.

And things that we had to do specific to the response, whether it was treasury or SBA, or HHS, or others, where something had to be put in place very, very quickly in order to support citizens. We also had to keep everything else going in a massive telework environment, and where we saw the bad actors try to use that change in operational posture to do bad things. So, all those things happened at the same time. And it’s really inspiring that as we look at this long end, almost two months where agencies have sustained operational posture, they have been incredibly aggressive in response. And we are continuing forward, and that gives us some proof points for what the future looks like.

Meagan:

Sure, that makes a lot of sense. And one of the things I know that you’ve written about is, that data will have such a big play in the sharing of information that you mentioned earlier. And Dcode, we’ve run I think five or so accelerators specific to data tools. Because one thing that we hear consistently from agencies is, they’re having challenges with how modern their infrastructure is. How do they access data? You’ve also talked about leveraging COTS on solutions. How do you see those worlds colliding so that agencies can make the best use of data and respond to the crisis?

Suzette:

Yeah. Those are two things that have had some really great outcomes. I’m going to do the COTS one first because that one’s actually kind of easier and faster. And you and I talked about it a little bit in front of this. Scalable, cloud-based, easily configurable commercial solutions in so many cases helped us move quickly. And many of those things that I mentioned that we set up in days, and we responded to, and they were secure and scalable, were commercially available solutions. And those were the things that gave us the ability to move quickly. So that’s been a fantastic story. On the data side, it became evident, not just for the disease-specific activities, but for understanding how to manage our supply chain of key things, and what position states and localities were in. Where were there areas of concern? That data was so critical.

And you saw that in both data sets, HHS did the protect initiative where they brought together multiple data sets. We also made available high-performance computing capabilities at Oak Ridge and other places for external and private sector parties. You saw private sector players step up and do really interesting things with sharing data, and it accelerated. We had some of those principles in the federal data strategy, and we had agencies that were doing some things, but I would call it kind of like this. And this helped take those foundations and explode it, because of an urgent need and a commitment to the same thing. I think that as some of those protocols were put in place, and there were agencies even in the response where the treasury had to share information with SBA, and SSA had to share information with the treasury, we recognize that the outcomes are better when they’re driven by data and we bring that collective together.

So, think what we’re still seeing is that drive; it will continue forward. We have things that we’re going to do around how funds were spent in response, and continued understanding. So, it was an amazing proof point that accelerated the concepts, and now we have to continue to drive that. And that was one of the goals of the president’s management agenda anyway, to put the infrastructure in place to become data-driven. We still got gaps in infrastructure; you probably know that, as you can talk about it as well as I can. But now we have I’ll say, the consumers of the data understanding. And I think that that will help us continue to keep the speed on.

Meagan:

Yeah, yeah, absolutely. I think having the consumers there definitely will help with the adoption. And that was one of my next questions was, we’re making such great progress because we have no choice in these times. And history has shown us that sometimes in response to things very quickly we develop fast solutions and then they go away. How do we actually take what we’re learning here and sustain it, so that we are more resilient in the future?

Suzette:

Yeah. Meagan, that is a great question. And I think that that recognition, there were quite a few when we went into this from both the government and the industry side that had a memory, had a couple of memories of things that they had been through and that was a concern. So some of the discussions that we had as we were looking at how do we drive response, or how long is this going to last? And what outcomes are we going to need, not just in the next 10 minutes but next month, next year? And that drove many of the solution approaches. It also drove the data models that were put in place. It was also a reason why so many of the things we looked to use commercially available solutions or scale things that we already had inside the federal government.

So it wasn’t in most cases, even though the specific use for the application might be different, it wasn’t a new process of an end-to-end new system. It was things that we knew and understood and we extended, or we extended more broadly across agencies or we extend it… We can configure a component of the functionality. So that gives it more staying power. That also helps as we may add other things that we can build into existing processes and existing protocols. And we’re comfortable because many of the things that we did have been stairsteps. So those were good outcomes, and I think those were learnings from previous things.

Meagan:

Yeah. Yeah, it’s interesting. Dcode actually runs a course for government leaders on, how do you infuse, not just emerging tech, but we’re talking a whole culture change. There’s a different mindset that comes with extending like you’re talking about, and really driving forward. And it involves procurement, it involves legal, it involves the mission owners. What is the biggest… What would you say you attribute the biggest success for in changing the culture to make that happen? And then maybe some funny stories about where we’re still lagging in getting the culture to move forward.

Suzette:

Yeah. I use this comparison with someone, and then I’ll share some of the funny stories. When I was in financial services, and the horrible tragedy of 9/11 happened, but we couldn’t move paper. And anybody on the phone that’s over a certain age, might remember writing paper checks and getting paper checks. But we had the technology to use images, we had the technology to exchange, and those things were in place, but no one was really adopting it. Well when that scenario happened, and if you didn’t accept an image, money couldn’t move. It affected our commerce. The adoption was forced. And so, in this particular situation, when we have agencies working at almost 95, some agencies are at 95%, but a high percentage of agencies working remotely. And it’s about their health and welfare. They don’t say no to collaboration tools and they’re getting comfortable with how you share documents online.

And it’s great when you hear a very senior person at an agency approve something with a digital signature. I was like, “Woo!” I had somebody share with me, talking about working from home, and the person actually said, “Yeah. I’m actually reading my documents off my monitor.” I said, “What do you mean?” And the person said, “Well, I always printed them out.” What? And it’s absolutely thrilling when I’ve heard some, again, folks who you might have had to force them to adopt before, or they didn’t even take their equipment home, talking about, “Oh, did you see this feature?” And, “Wait, I like that chat function. People can ask questions while I’m talking.” So now we have all probably heard the funny things about playing bingo or, are you on mute? Why aren’t you on mute? And that type of adjustment. But overall it’s been exciting. And many individuals who I would say might have resisted some of the technology tools, not only have accepted them now, but now because of the duration they’re comfortable with them.

And that gives us an opportunity, again used as a proof point, it’s not the what if; it’s when I did it. When that happened, that let me think differently about a paradigm of what does… and especially in a situation where person-to-person contact poses risk, lets us ask different questions about, what does our work environment look like? And when do we need in-person activities? And can we think differently about distributed workforces? We also saw some teams that worked 24-hour cycles because they had to. But that also let them ask some questions of, “You know, maybe we can have different kinds of shifts and different types of schedules.” So, I’m excited that those experiences took away the what if, and how might it, to personal experiences that hopefully will help people think more broadly about ways that we can create a flexible workforce.

Meagan:

Yeah, yeah, absolutely. So, I’m curious, in that environment, now that we are focusing and becoming accustomed to like you’re saying, the virtual tools, we all know that that increases our attack footprint. And then we have to think about the software supply chain for example, and how secure is all of that. And what are you driving from your office to help agencies also reevaluate how they assess their footprint in a virtual world?

Suzette:

Yeah. That is one of the things we’re spending a significant amount of time on right now. And we’re asking the question in lots of different ways. Both, many ways and folks on here that are in the security side may be thinking through this, you assess what’s unusual based on what’s normal. And so when you have to reset normal and understand that is a significant set of activities, so how that happens has been really important. You’ve seen in partnership with DHS, multiple sets of tools have come out and additional protocols. In situations where we might have communicated in a monthly meeting or through email, we’re communicating almost daily, in forums whether online like this, or in discussions to act and share information much more rapidly. You also mentioned the supply chain, a situation where there is a disruption in certain things also shows us some of the fragile points in the supply chain.

So, using my term proof points, it’s another proof point for us to examine, do we understand the critical linkages of certain things? And do we have clarity around the things that are most critical to the missions of agencies in our citizen service delivery? And this unusual situation has exposed things that we’re going to consider. I don’t what the actions are yet, but we are looking at those as we do future scenario planning. I’ll share one other specific example across the technology community, we realized as many agencies examined their continuity of operation plans. Many of those didn’t have a special drill down for pandemics. Or if they did, we are learning things that will help make those assumptions and actions much more clear and inform them better. So we’ve captured a lot of those. I think a lot of those are going to help us as we move forward and help us focus some of the actions to continue to operate in this type of environment.

Meagan:

Sure, sure. So, I want to turn over maybe to take a couple of the audience’s questions. And so, one of the first ones here is, some of the agencies seem to have been informed, whether it’s the VA or the SBA of some malware in their systems. How are we collecting… I’m adding to the question here. How are we learning from those experiences at the different agencies in this environment to collaborate, and make sure that action is taken on those types of things?

Suzette:

Well, the good thing is that was some of the activities we did before, collecting data, whether that was through CDM tools, whether it was through maturing security services, ad agencies, and through the CISO community and CIOs that are leading those agencies. We had protocols in place. We had to, instead of those things being day-to-day, it was almost minute-to-minute. Those were very, very quick. I will say that, especially in the beginning, I met with the CIOs and CISOs every single day, and we talked about what was happening. We had open discussions with vendors. As you know, there were a couple of particular vulnerabilities that vendors came and shared with us, and we moved through adjusting those in I’ll say again, very aggressive, very short timeframe. Although some of the processes might have been business as usual, the timeline, the follow-up, and the getting it done were absolutely not business as usual. I also think we learned about some of our communications with our vendors and some of our global partners, and those will help inform the quality of information that we use going forward.

Meagan:

Sure, sure, it makes sense. And then, the next question here is related back to what we were talking about at the beginning around data. Has COVID really influenced, or do you think it’ll change how many agencies have chief data officers and the role of that position inside the different agencies to support this worldwide health response?

Suzette:

Yeah. So first of all, there’s a law, and all the agencies should have one even though… So let’s start there. Not all agencies have identified one. So we have around 80 identified. Many agencies already had one before there was a law, and they might have had a little bit different focus but in the end state they were all looking for a way to better use the data within their agency, and that was available to them. Not only for the mission but also to protect it, right? That’s part of the CIO’s responsibility, to protect the use of data, ensure it is in alignment with what we expect, all those kinds of things. What we have seen, and this is another example, is if anybody’s out there multitasking, I’m sure they’re not while we’re talking, ha, ha.

Meagan:

We’re so captivating, Suzette.

Suzette:

Exactly. And you can look at the agency websites, and almost all of them have a COVID information link, or some type of, whether it’s internal to their agency, or if they have a citizen serving function to those. Much of that is shared data, and they moved on that very quickly. I think the agencies, particularly the ones that are on the front line of this set of activities, have realized not only how important sharing data and common data models are, but the consistency of that information, and understanding the source and the quality of information. Now, if I go back to the federal data strategy, understanding your data infrastructure, assessing the maturity, and doing a data quality assessment was on the list. We’ve kind of learned that improving it, and the data strategy actually took the things related to COVID.

We just had a CDO meeting and pivoted to elevate those things that are specific to the response. So I don’t know that it’s changed anyone’s understanding of the role and its importance. It might have certainly changed the urgency. And it has certainly in many agencies shifted the priority of those actions for the agency. So the ones that are part of the response, it’s the daily discussion. But even an agency that may not be frontline to the response still has to understand what’s going on in the environment to understand or to plan for mission continuity and the safety of their employees.

Meagan:

Absolutely. And I think the chief data officer role will continue to evolve, especially as the data technology environment has shifted dramatically over the last several years too. And this next question is kind of related to that change. But, which agency do you think will come out the most changed, be it that they’ve done the most rapid modernization, or because they’ve taken this opportunity to go further than other agencies have?

Suzette:

Wow, that’s a great question. I don’t know that I’ve put them in a horse race ever like that. But I will say a couple of things that are outcomes that I’ve actually shared with a few. And because of these things, it puts certain agencies at the nexus of defining what’s next. Agencies own their own cybersecurity posture. Agencies are responsible for their own data. Agencies have unique missions. But what we’ve realized, whether it’s directly with the task force, or with sharing information across our health organizations, having some degree of commonality or at least interoperability for certain functions, video conference, document sharing, key data repositories. I even had a conversation with some of the states when we were looking at federal programs. So, unemployment, SNAP, those types of things.

Where the federal government is providing certain entitlements and certain benefits, and the state is responsible for qualifying who gets those. We need more commonality and consistency to be able to move quickly. So in some of those cases, agencies, the ask ends up on the table, like with GSA. Because they provide central activities, they ask when we look broadly in our nation for cyber ends up on SISs door front. Some of the things when we need to actually change the paradigm, they end up on OMBs door front. Wait, we need a new policy, we need guidance that says we can do it. So I think that there are policy implications, there will be operational implications. And technology and software implications hone in on those functions that enable us to work in this kind of environment to share data. And in cases where it’s citizen service related, that citizen experience is as common and consistent, and secure.

Meagan:

Perfect. Last question and then we’ll wrap. This went too fast. Let’s see we have one, actually kind of near and dear to my heart too. How does the government ensure that they’re surveying the landscape of up-and-coming companies and startups when looking at COTS solutions and not just the incumbents?

Suzette:

Yeah, that is a great question. I will say lots of different ways. In this case, some of the public/private partnerships have given us a lot of space to include up-and-coming. In many cases, as I shared, agencies had to… When you have to do something in hours, you’re probably looking at something that’s already in your shop. But those weren’t always just the biggest solutions. And very often those were things they were in the shop, but they were the most flexible solutions. And in a couple of cases what we were doing was a pilot and we scaled the pilot. Our CISOs who are on the line are probably pulling their hair out because they had to rush through stuff. But that’s one thing that I would say for new and up-and-coming and emerging companies as you expand either footprint or functionality with agencies, those pilots were really important to our being able to scale.

And when you talk about agency sharing, they were agencies who were sharing. If one agency was doing it, the other was accepting the reciprocal ATO in a way that hopefully will continue, in a way that was much was better. And in some cases it was really cool, agencies were sharing people, because we couldn’t put people on planes that knew certain solutions, but we needed somebody in like jurisdiction X. So they’d say, “Okay, well I’ve got three people that know that I’m going to send them over to you for that.” So I think in those cases as we progress forward, pilots help us have proof points, pilots help us scale faster. And in this particular example, being nimble, being quickly configurable, and having skillsets, or capabilities that were understood by the federal workforce and could be supported by the contractor workforce was important.

Meagan:

Yeah, fantastic. And my shameless plug, for anyone that doesn’t know Dcode is, if you are looking for emerging tech, that’s what we do all day. So, Suzette, it was really fantastic to have you on today. I really appreciate the time.