Federal technology leaders outlined their biggest priorities for IT modernization, including bolstering cybersecurity, leveraging new modernization funding models and developing policy and guidance to govern emerging technologies, during the Department of Labor's (DOL) Federal Tech Day 2023 last week.
“Technology isn't the be all and end all reason to do everything that we're doing, but [we're] making sure that we really are living by those basic tenets and bringing the change management required to the people," Federal CIO Clare Martorana said at the event. "There's the people and the process part of this as well that I think is a really important component of digital transformation, because if you're not bringing the people along on the journey, just delivering technology solutions is not going to net you the benefits that you anticipate."
Bolstering cyber capabilities
President Joe Biden’s Executive Order on Improving the Nation's Cybersecurity, which mandated federal agencies adopt zero trust architectures, just reached its two-year anniversary. Since then, federal agencies have taken on new strategies to bolster their cyber posture.
“What has changed since those moments? One of them that comes to mind for me is immediate movement to host level of visibility across federal agencies. That's massive,” Associate Director of CISA’s Cybersecurity Division Mike Duffy said at the DOL event. “Really, that shift in the way that CISA can be enabled to reduce risk, not just advise or manage or be aware of things happening, but being able to work side by side with agencies to actually take action is incredible.”
One of CISA’s primary focuses is reskilling its workforce, not just expanding it. Duffy said this is especially critical as emerging technologies such as artificial intelligence (AI) become more integrated into the future workforce.
“We need to be thinking about creative ways we pull the right people into these jobs. Reskilling is something that CISA does through our cyber or federal cyber skilling Academy,” Duffy said. “Second piece of that is really to make sure that the team that is on the frontlines fully understands what is being communicated as it relates to government policy and strategy right now. That is absolutely necessary when we're talking about zero trust implementation.”
As the cyber threat landscape evolves, DOL leaders are leveraging identity management solutions to protect against fraud and improper payments.
Jim Garner, DOL’s administrator of the Office of Unemployment Insurance, said the agency saw a massive uptick in fraudulent activity at the beginning of the COVID-19 pandemic.
“What changed during the pandemic is our state partners are like, we need the federal government to be involved in this fraud prevention effort,” Garner said. “We really think there should be a federal approach to this issue. So that's what really was the impetus for us to really start getting involved. Congress, thankfully, provided some funding and under the American Rescue Plan and the Secretary of Labor set up the Office of Unemployment Insurance Modernization.”
DOL’s Office of Unemployment Insurance is currently undergoing a project with the General Services Administration (GSA) to leverage login.gov to improve unemployment insurance security.
“We have a couple of pilots going on right now. States are piloting that. It's looking very, very promising and we anticipate very soon opening up this opportunity for all states to use that as an online identity verification solution. We are also very concerned about the access and making sure there's equitable access,” Garner said.
Within the Office of Workers' Compensation Programs, the unit developed the OWCP Connect System, which allows authentication using a PIV card, uses CAPTCHA tests for initial registration to prevent bots from getting in, relies upon user selected security images and key phrases to prevent phishing, and uses geo tracking and device detection with security questions and verification codes.
“Then there's that multiple second factor authentication with choices that include device registration and security codes via email or SMS,” the unit’s Deputy Director Nancy Griswold said. “As of April 25, this OWCP Connect system has been used for identity proofing for 470,000 individuals and for actual authentication over 14 million times.”
DOL’s Black Lung Program also started using AI to modernize CM929 forms, where people report changes to their status. AI allows the program to automatically validate eligibility status and changes in a timely manner to help DOL avoid improper payments. The energy program committed resources this past year to update the Energy Document Portal (EDP), which they use in connection with DocuSign to allow claimants to securely submit electronic forms and slash processing times.
“The cyber game doesn't change. Anything, in my opinion, that is human made can be human broken. And so, everyone needs to continue to take ownership of our data that's being out there. We should not assume ever that someone does not have or can collect the data that they need to perpetrate and pretend to be you,” Leyla Mansur, DOL’s director of Program Planning Evaluation and Management, said at the DOL event.
Leveraging the Technology Modernization Fund
The Technology Modernization Fund (TMF) has invested over $700 million dollars across 40 different federal modernization projects since its launch in 2018.
“The TMF has been such an important vehicle for modernization – to act quickly, to explore new technologies, and to really have a path forward to address some of our legacy challenges that haven't fit very well into the standard budgeting process,” Suzette Kent, the former federal CIO who spearheaded TMF, said at the DOL event. “We tried to create a lighter process, a faster process, but with lots of support from technology leaders.”
The United States Department of Agriculture (USDA) has been awarded five of the 40 TMF investments. David Peters, the agency’s associate CIO, said the TMF has been a strong enabler for the USDA.
USDA collects, aggregates, processes and quicky distributes information, which requires a strong enterprise secure network to operate efficiently. Under TMF, USDA is transforming into a consolidated enterprise network to enable the mission.
“The TMF really helps USDA communicate a strong business case and helps our missions continue,” Peters said. "As we look to implement things like zero trust and improved and increased cloud integration, we're flattening 17 networks down to one and taking a real enterprise approach that is very enabling for USDA. The economics are absolutely positive, absolutely strong for USDA, for our stakeholders, for the American public.”
DOL has been awarded three investments under TMF. DOL Branch Chief for ETA IT Systems Kris Mena oversees DOL’s Foreign Labor Application Gateway (FLAG) digital platform, which replaced a legacy system created in 2009. In two weeks, DOL will replace a second, 19-year-old legacy system with FLAG. DOL’s initial TMF award digitized the agency’s temporary labor certifications.
“We took the blue paper away, we took a 20-page certification and cut it down to a one-page approval appendix, and then we set up an interagency data hub so USCIS can come in and electronically pull the data when they need it,” Mena said. “We're saving on an annual basis about $3 million in supplies and the temporary labor certification program. … We've increased the number of certifications that we can issue in a day by more than 200% in some of the programs.”
DOL’s permanent employment program is set to go-live at the end of the month. That program represents about 78,000 U.S. employers and about 138,000 applications a year. Once production begins, DOL expects to shave 45 days off of the processing cycle and save U.S. employers about $1.5 million annually.
Developing tools for the future
As government continues on its modernization journey, CIOs reflect on how leadership, vision, innovation and mission-driving technologies will focus digital transformation efforts.
"Digital transformation, to me, is changing in the government the way we buy, build and operate software and hardware,” Energy CIO Anne Dunkin said at the DOL event. “The number one outcome is better service to the public, and we do it not only faster, but at lower cost, and in a way that we can then rapidly change it.”
U.S. Customs and Border Protection (CBP) CIO Sonny Bhagowalia said he focuses on providing secure and reliable technology services and data at mission speed to authorized users and devices. Because business is digital now, CBP is homing in on user experience in a “digital first” environment.
“We have to innovate because AI technology only automates inefficient processes, but digital offers you a way to reengineer other processes and also bring that CX (customer experience),” Bhagowalia said at the DOL event.
CBP’s digital automated chatbot reduces errors and enables better data-driven decision-making and critical exchange. Under CBP’s biometric entry/exit process, the agency processes a million people per day and a total of half a billion people over the last four years.
“We had sort of 99.5% matching within two seconds adjudication going back, and so that processing is amazing,” Bhagowalia said.
Looking ahead, CIOs are turning to emerging technologies such as AI, virtual reality and operational technology (OT) to improve efficiency, safety and mission delivery.
"There's dirty and dangerous work that people do that we can give to AR/VR situation or a robot or a drone. We can get people out of situations where they're in environments that are radioactive, for example,” Dunkin said. “Those things free up the humans to do what humans are good at.”
Martorana said agencies should explore AI use cases for cutting down the time tax while driving higher value.
“There's a lot of work going on, both on the rules and regs, but also on the way that the government does need to lean into this to make sure our workforce is best equipped and best enabled to meet the moment,” she said. “It's about communication and us being open, transparent and willing to share information, and not hoard the information to be able to bring us all along on the journey. Because the technology is not going to slow down. We have to speed up.”
Bhagowalia said he anticipates a rise in edge computing to enable more data processing, analytics and storage closer to the network edge. CBP conducts 10 billion transactions, about 50 billion data exchanges, and processes about 175 petabytes on its network every day.
"We have autonomous surveillance towers where we can start sensing what's coming in and out, and it's just processing information and sending it in and then a human reacts to that,” he said. “We figured that by 2025, 75% of that data we process will not be in the data center or cloud, but right at the edge.”