Guy Cavallo Archives | FedScoop
https://fedscoop.com/tag/guy-cavallo/
Fri, 03 May 2024 19:03:56 +0000

FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals.

How cloud modernization transformed OPM cybersecurity operations
https://fedscoop.com/how-cloud-modernization-transformed-opm-cybersecurity-operations/
Tue, 27 Feb 2024 20:27:00 +0000

By shifting to cloud-native solutions, the U.S. Office of Personnel Management has significantly enhanced its underlying security infrastructure to better protect the agency from evolving cyber threats.

The post How cloud modernization transformed OPM cybersecurity operations appeared first on FedScoop.

Few organizations in the world provide human resource services at the scale of the U.S. Office of Personnel Management (OPM). OPM oversees personnel management services for 2.2 million federal workers — and the retirement benefits for another 2.7 million annuitants, survivors, and family members. Because the agency also manages the federal workforce’s recruiting, hiring, and benefits management, OPM is responsible for handling vast amounts of sensitive data, making it a prime target for cyberattacks. 

Following a massive data breach in 2015, OPM instituted a comprehensive overhaul of its IT and security practices. However, in the years since, it became increasingly clear that without modernizing its underlying IT infrastructure, many of the remedies OPM put in place were becoming outmoded in the face of ever more sophisticated cyberattacks.

That was especially apparent to Guy Cavallo, who arrived at OPM in the fall of 2020 as principal deputy CIO after leading sweeping IT modernization initiatives at the Small Business Administration (SBA) and before that at the Transportation Security Administration (TSA). He was named OPM’s CIO in July 2021.

Recognizing new cyber challenges

“We looked at the on-premises cyber tools that OPM was running since the breach and saw while they were effective, with today’s advancements in AI and cyber capabilities, they weren’t keeping up with the attack vectors we’re facing today,” said Cavallo in a recent interview. Threat actors had shifted to identity-based attacks using more sophisticated tactics, requiring advanced detection and response solutions.

“We knew with AI coming and the Executive Order on Cybersecurity requiring logging to get visibility into your environment, investing in on-premises hardware would be a never-ending battle of running out of storage space,” he concluded.

The cloud was “the ideal elastic storage case for that,” he continued. But it also offered other critical solutions. The cloud was the ideal way to host applications to ensure “that we’re always up to date on patching and versions, leaving that to the cloud vendors to take care of — something that the federal government struggles with,” he said.

Checklist for a better solution

Cavallo wanted to avoid the mistake he had seen other organizations make, trying to weave all kinds of tools into an enterprise security blanket. “It’s incredibly difficult to integrate them and not have them attack each other — or also not have gaps between them,” he said. “I’m a believer that simpler is much better than tying together best-of-breed from multiple vendors.”

That drove Cavallo and OPM Chief Information Security Officer James Saunders to pursue a fundamental shift to a cloud-native cybersecurity platform and “making that the heart of our security apparatus,” said Saunders.  

After reviewing the options, they elected to move to Microsoft’s Azure cloud-based cybersecurity stack “so that we can take advantage of the edge of cloud, and cloud in general, to collect data logs.” Additionally, it would mean “We didn’t have to worry about software patching and ‘Do I have enough disk space?’ It also allows us to springboard into more advanced capabilities such as artificial intelligence,” Saunders said.

Because OPM exchanges data with many federal agencies that rely on different data systems, Cavallo and Saunders also implemented a cloud access security broker (CASB) — a security policy enforcement engine that monitors and manages security activity across multiple domains from a single location. It also “enables our security analysts to be more efficient and identify threats in a more holistic manner,” Saunders explained.

Added benefits

“There is a general misconception that you can only use cloud tools from the host vendor to monitor and protect that environment. We found that leveraging cyber defenses that span multiple clouds is a better solution for us instead of having multiple different tools performing the same function,” Cavallo added.

Microsoft’s extensive threat intelligence ecosystem and the ability to reduce the number of contracts OPM has to maintain were also critical factors in their decision to move to Azure, Saunders added.

The pay-off

The migration from on-premises infrastructure to the cloud was a complex process involving the retirement of more than 50 servers and the decommissioning of multiple storage areas and SQL databases, according to Saunders. The most challenging aspect, though, was not the technology but managing the transition with the workforce. Extensive training and organizational change management were as critical as the technical migration to the success of the transition.

According to Saunders, the benefits didn’t take long to recognize:

  • Enhanced visibility: OPM now has a more comprehensive view of its security posture, thanks to the centralized platform and increased log collection.
  • Improved threat detection and response: AI-powered tools and Microsoft’s threat intelligence help OPM identify and respond to threats faster and more effectively.
  • Reduced costs and complexity: Cloud-native solutions eliminate the need for buying expensive on-premises hardware and software, while also simplifying management and maintenance.
  • Increased scalability and agility: The cloud platform allows OPM to easily scale its security infrastructure as needed to meet evolving threats and business requirements.

Collectively, those and related cloud benefits are also helping OPM make faster headway in meeting the administration’s zero-trust security goals.

Lessons learned

Perhaps one of the most important benefits is being able to demonstrate the magnitude and nature of today’s threat landscape to the agency’s leadership and how OPM is much better prepared to defend against it, according to Cavallo.

“When James and I showed them the visibility that we have from all those logs, it was a drop-the-mic moment for them. We can say we blocked 4,000 attacks in the last hour, but until you actually show them a world map and our adversaries trying to get into OPM, then be able to click and show the real details of it — those threats get lost in the noise,” he said.

“My recommendation at the CIO level is, this is a better mousetrap. But you can’t just expect people to flock to it. You have to go show them why it’s a better mousetrap.”

Among the other lessons Cavallo recommends to fellow IT leaders:

  • Focus on simplicity: Choose a single, integrated security platform to avoid the complexity of managing multiple tools.
  • Invest in training: Ensure your staff is trained and familiar with new cloud-native security tools and processes.
  • Start small and scale gradually: Begin with a pilot project and gradually migrate your security infrastructure to the cloud.
  • Communicate effectively: Clearly explain the benefits of cloud-native security to your stakeholders and address any concerns.

This report was produced by Scoop News Group for FedScoop as part of a series on technology innovation in government, underwritten by Microsoft Federal.

In IT strategic plan, OPM highlights retirement services goals
https://fedscoop.com/in-new-it-strategic-plan-opm-highlights-retirement-services-goals/
Wed, 06 Sep 2023 16:52:13 +0000

The strategic plan discusses expected improvements to the agency's retirement services division, which is still experiencing a massive backlog of applications.

The post In IT strategic plan, OPM highlights retirement services goals appeared first on FedScoop.

The Office of Personnel Management — the federal agency that helps support millions of government workers — earlier this year released its latest information technology strategic plan.

The document, which outlines the agency’s technology goals for the 2023 to 2026 fiscal years, emphasizes OPM’s aspirations to update its systems and implement an enterprisewide approach. The plan also scopes out specific technology goals, including migrating data centers to the cloud, improving federal health benefits systems, and modernizing its website, OPM.gov.

In particular, the strategic plan discusses expected improvements to the agency’s retirement services division, which is still experiencing a massive backlog of applications.

OPM has repeatedly emphasized that new technologies could play a pivotal role in accelerating the retirement benefits application process. Still, the issue has attracted ongoing scrutiny from Congress, and, as FedScoop reported this summer, a Senate subcommittee is eyeing a new hearing focused on these delays.

The IT strategic plan, released in May, outlined several key technology goals for the retirement services division, such as instituting a newly modernized cloud-based retirement services calculator designed for division staff and implementing online systems for retirement application processing, including the Online Retirement Application. Critically, the document mentions launching “a digital retirement system pilot to move from a predominantly paper-based system to an all-digital-based system.”

The plan also mentions modernizing the retirement data repository to, in part, “enable OPM to analyze the data across the population of federal retirees.” Other projects include updating the representative payee system and replacing a manual form and transitioning a document case control system to the cloud.

As FedScoop previously reported, congressional inquiries to OPM have surged in recent years, while the number of errors in the materials agencies send to OPM in order to process applications appears to have grown, too. FedScoop also reported in August that OPM appeared to be planning a pilot of its new online retirement application platform for later this year.

While the agency is also hoping to move its new retirement services legacy applications from its mainframe system and onto the cloud, there could be significant challenges ahead.

“A related challenge for the RS modernization effort is to migrate all legacy applications off the current mainframe computing environment. These custom applications, written in COBOL, will require refactoring and redeveloping the business logic in a modern programming language,” notes the strategic plan. “OCIO understands the importance of treating this as a high-risk program, one that will require prototypes and pilots to demonstrate the soundness of the technical architecture and application refactoring approach.”

Correction, Sept. 6, 2023: This story was updated to reflect the release of the strategic plan in May.

OPM CIO: new digital services team proving key for IT modernization projects
https://fedscoop.com/opm-cio-on-new-digital-services-team/
Wed, 24 Aug 2022 15:16:38 +0000

Guy Cavallo says the recently established unit has injected new agile skills into transformation programs.

The post OPM CIO: new digital services team proving key for IT modernization projects appeared first on FedScoop.

The creation of a new digital services team at the Office of Personnel Management has proved key to the progress of IT modernization projects at the agency, according to Guy Cavallo.

Speaking Wednesday, the chief information officer said the recently established unit has been crucial in bringing in younger technology talent to work alongside legacy developers and other assigned staff on IT modernization initiatives.

“Having that digital services team inject new or agile skills and being involved in development projects that still has legacy developers and the assigned team I find is the right way” to approach modernization, Cavallo said at the FedTalks conference hosted by FedScoop.

According to the CIO, another benefit of the new team is that it helps ensure the agency has enough staff to work side-by-side with contractors on IT modernization projects.

OPM has also created 18 new internships and redefined some senior technology roles as it works to bring in a new generation of IT staff.

“Great technology with a workforce that’s resistant to it is a failure,” Cavallo added, describing the agency’s work to bring in new personnel.

The CIO added that OPM is forging ahead with work to move its IT infrastructure to the cloud in small chunks, with a focus on ensuring that each modernization project where possible pays for itself and demonstrates the benefits of such programs.

“If you take something from one premise, move it to the cloud, then cancel the on-premise contract, you’ve burned a bridge. Then you use that money to fund it. I think showing small successes, showing the tremendous advantages of elasticity and redundancy of the cloud — the business users see it,” Cavallo said.

OPM speeding up zero-trust security implementation with TMF funds
https://fedscoop.com/opm-speeding-zero-trust-tmf/
Wed, 02 Mar 2022 16:00:55 +0000

Guy Cavallo explains how OPM prepared for the infusion of new funding.

The post OPM speeding up zero-trust security implementation with TMF funds appeared first on FedScoop.

The Office of Personnel Management is implementing a zero-trust security architecture faster because of the $9.9 million in Technology Modernization Fund dollars it received in September, according to Chief Information Officer Guy Cavallo.

Cavallo intends to use the funds to pay for zero-trust technologies identified through market research his office conducted in preparation for the money’s arrival, as well as consulting and support personnel that won’t just implement the products but integrate with cloud migration and service management teams.

The Technology Modernization Fund Board in September announced seven new projects in its first round of awards for agency IT modernization since the fund received a $1 billion infusion as part of the American Rescue Plan.

OPM wasn’t moving toward a zero-trust security architecture until Cavallo became CIO in March 2021, and once the TMF funding was assured, he had his office prepare contracts and procurements for the solutions it desired.

“We were going to do zero trust even without that money,” Cavallo told FedScoop, during ITModTalks on Wednesday. “It just would’ve taken me longer because — you know the budget cycle in government — I inherited a budget when I got to OPM that had been decided two years earlier without zero trust.”

President Biden issued the Cybersecurity Executive Order requiring agencies to begin adopting zero-trust security two months after Cavallo joined OPM, which gave him the leverage he needed to request additional resources he was already seeking.

Cavallo also oversaw the cloud migrations at the Transportation Security Administration and the Small Business Administration because of the cyber protections cloud provides. In leading three agency migrations in under 90 days total, Cavallo learned it only takes two to three cloud professionals who’ve done the work before either on staff, like when he brought SBA employees with him to OPM, or from outside, like 18F in TSA’s case or a cloud partner in OPM’s.

The technology leader breaks his cloud strategy into five teams: architecture engineering; cloud operations; service management, for governance and costing; service automation, for a continuous development pipeline; and migration. Security is embedded into all of them because otherwise a separate security team would take a year to approve everything at the end, Cavallo said.

At SBA, Cavallo had all information system logs migrated to the cloud, so the agency was no longer limited by on-premise hardware as to how many it could collect. Then SBA built artificial intelligence into its zero-trust initiative to improve its security posture.

“We are all under robotic, artificial intelligence-based attacks, and if we try to counter those with humans looking at security monitors, we will lose every time,” Cavallo said. “We have to up our game and fight those same resources with the same capabilities.”

James Saunders takes CISO role at Office of Personnel Management
https://fedscoop.com/james-saunders-takes-ciso-role-at-office-of-personnel-management/
Fri, 25 Feb 2022 16:19:38 +0000

He starts work in the new position on February 28 after joining the agency last year as a cloud and cybersecurity adviser.

The post James Saunders takes CISO role at Office of Personnel Management appeared first on FedScoop.

The Office of Personnel Management has named James Saunders as chief information security officer.

He starts work in the new role Feb. 28 after joining the agency last year as a senior adviser for cloud and cybersecurity.

Previously, Saunders held the post of CISO at the Small Business Administration and moved to OPM in April 2021. One federal IT source speaking to this publication said that Saunders has already been acting as an “unofficial CISO” since joining the agency.

At the SBA, Saunders worked closely with then-deputy CIO Guy Cavallo, who subsequently moved to OPM as deputy CIO and in July was installed as permanent CIO. While at SBA, Saunders and Cavallo worked to implement the requirements of the CARES Act as well as the IT systems for the Paycheck Protection Program and Economic Injury Disaster Loan program.

Technology leaders at OPM have worked to turn around its IT systems since the agency attracted criticism under the Trump administration and was targeted for deconstruction.

In September, the agency said it would support the idea of a working capital fund to finance its backlog of necessary IT modernization projects, if given congressional approval.

This came after the National Academy of Public Administration in March published an independent study that identified glaring IT deficiencies but argued that the agency should not be folded into the General Services Administration.

OPM’s director was mandated by Congress to commission the report from the National Academy of Public Administration, which included 23 recommendations across a range of separate issues.

OPM did not respond to a request for comment on Saunders’ appointment.

News of the appointment was first reported by MeriTalk.

CIOs say they need more funding to implement cyber EO
https://fedscoop.com/cios-cybersecurity-executive-order/
Tue, 09 Nov 2021 19:03:22 +0000

The Department of Energy is but one agency in need of a bigger budget or Technology Modernization Fund money to implement zero-trust security.

The post CIOs say they need more funding to implement cyber EO appeared first on FedScoop.

Additional congressional funds will be critical to agencies’ efforts to comply with the Biden administration’s cybersecurity executive order and implement zero-trust architectures, according to federal chief information officers.

The executive order (EO) has agencies like the Department of Energy implementing zero trust and multi-factor authentication across highly federated environments, and the “elephant in the room” is how they will pay for everything, said CIO Ann Dunkin at ACT-IAC’s Imagine Nation conference in Hershey, Penn.

DOE is employing a risk-based approach to complying with the EO the Biden administration issued in May because compliance will take time and money, either from Congress or else internal cuts.

“I don’t have the money to support the [project management office] that I stood up to run the EO, if I don’t get any more money in 2022,” Dunkin said. “So either I take money away from something else, or I don’t even have that PMO in place.”

DOE has outstanding Technology Modernization Fund proposals that could help with Cyber EO compliance, but Dunkin reiterated her view there’s currently not enough money in the fund appropriated by Congress.

The Department of Labor hasn’t heard back on the TMF proposal it submitted for funds to help bolster its cyber posture. The Cybersecurity and Infrastructure Security Agency could assist departments in Labor’s situation by growing its Continuous Diagnostics and Mitigation program and developing governmentwide playbooks, but in the meantime agencies need to explore all their options, said CIO Gundeep Ahluwalia.

“In my mind, we have to find some resources internally, ask Congress for appropriated resources, look at the Technology Modernization Fund, and maybe some things can be pulled together and done centrally to raise all boats,” Ahluwalia said.

The U.S. Department of Agriculture also prioritized cybersecurity with its early TMF proposals, along with some to improve IT services to rural America and work with the Department of the Interior to modernize a platform for combating wildfires, said CIO Gary Washington. None of USDA’s proposals have received TMF funding yet.

Labor also has two outstanding TMF proposals that would help it finish an IT modernization effort around temporary workspace, as well as collaborate with the General Services Administration to meet accessibility requirements.

The Office of Personnel Management received TMF funding for its zero-trust networking proposal in September, one of three agencies along with GSA and the Department of Education to successfully propose Cyber EO-related projects.

Five other TMF proposals OPM submitted are tied to modernizing legacy systems, and while CIO Guy Cavallo hopes to establish a working capital fund for IT projects, TMF funding has proven critical since the Trump administration attempted to shutter the agency. The move made predicting future modernization costs more difficult, especially since federal background investigation work is still being transferred to the Department of Defense, Cavallo said.

“I inherited budgets that we weren’t sure were going to be there,” Cavallo said. “So I need the TMF funding to put some of our modernization efforts on the table.”

Lawmakers question SBA technology investments after loan system outages
https://fedscoop.com/lawmakers-sba-loan-system-investments/
Wed, 22 Jul 2020 20:17:36 +0000

The Small Business Administration proposed replacing E-Tran by 2015, but in 2020 the loan system continues to be updated in lieu of modernization.

The post Lawmakers question SBA technology investments after loan system outages appeared first on FedScoop.

House lawmakers Wednesday questioned recent Small Business Administration IT investments after issues with its loan portals have hampered applicants’ ability to receive economic relief amid the coronavirus pandemic.

SBA made technical improvements to lessen the demand on its overloaded E-Tran loan system, Deputy CIO Guy Cavallo told the Committee on Small Business’ Oversight Subcommittee Wednesday. But those changes aren’t a substitute for modernizing E-Tran, which SBA planned to replace back in 2015, said Rep. Judy Chu, D-Calif., the subcommittee chair.

“The agency can’t rely on a system that is incapable of meeting high demand in a crisis,” Chu said.

SBA’s Office of the CIO doubled E-Tran’s network connectivity a week or two before the agency began accepting Paycheck Protection Program (PPP) applications for forgivable loans up to $10 million to keep workforces employed during the pandemic.

The office also approved a “significant” hardware investment to improve E-Tran’s “horsepower” and built a lender gateway as a cloud-based app to lessen the front-end load — allowing small banks to apply for PPP loans more easily, Cavallo said.

“For something like E-Tran, that we can’t modernize overnight, what we’re trying to do is put a new front-end in front of it so that the small business owner or the citizen is able to more easily interact with the system,” Cavallo said. “We were able to do that successfully for a number of these programs.”

Still, the PPP portal went down for four hours during launch and crashed again when it reopened in late April. The Government Accountability Office foresaw such an occurrence in a 2014 report, where it warned SBA was “unprepared” for a large number of disaster loan applications at the beginning of a response.

SBA also ran into trouble with its Economic Injury Disaster Loan (EIDL) portal, when the personally identifiable information (PII) of about 8,000 applicants was potentially exposed for several hours. The overwhelming demand for EIDL loans, $1,000 per employee for up to 10 employees, also led to outages, so OCIO developed an interim, cloud-based solution to intake applications until the finalized portal was ready.

“However — while making multiple system changes in the middle of the night in such a short time — a mistake was made in one of the system’s configuration, which actually exposed PII data for some individuals,” Cavallo said.

The 6 a.m. error was discovered within three hours, reported to the U.S. Computer Emergency Readiness Team an hour after that, and fixed. The General Services Administration completed free credit monitoring for potential victims on March 29 and 30, with offer letters sent out once addresses could be validated.

Some recipients thought the letters themselves were a scam, and affected businesses were forced to reapply for EIDL loans and shut out of the program when SBA leadership decided to limit applications to agricultural businesses, Chu said.

‘Questionable’ investments

E-Tran is handling loan applicant traffic currently, but lawmakers wanted to know how SBA intends to avoid outages in the future.

SBA received an additional $2.1 billion to staff up during the pandemic, much of which has gone toward the IT help desk and network and security operations centers, Cavallo said.

“SBA has made some questionable IT investments into its contracting and business development programs, making various attempts to streamline application processes and enhance staff oversight and management of these programs,” said Rep. Ross Spano, R-Fla., the subcommittee’s ranking member.

The agency also spent $27 million on its new certify.sba.gov identity authentication platform, which has yet to be “fully realized,” Spano said.

In its 2019 Federal Information Technology Acquisition Reform Act scorecard, SBA received a C grade for IT portfolio management and a D grade for cybersecurity.

Cavallo argued SBA still has the third-highest cumulative score in government. The agency is further helping the Department of Homeland Security implement the Continuous Diagnostics and Mitigation program in a new, cloud-based solution.

“We think the combination of those scores do not accurately reflect where we are today,” Cavallo said. “Otherwise DHS would not have selected us to pilot two critical cybersecurity pilots with them that have changed federal policy.”

With telecom modernization in flux, officials encourage modifying EIS solicitations during pandemic
https://fedscoop.com/telecom-modernization-modify-solicitations/
Fri, 05 Jun 2020 17:48:09 +0000

“This is a chance for the agencies to take a look and see where there might be gaps in what they were rolling out and look to expand their EIS solicitations,” says one FAS official.

The post With telecom modernization in flux, officials encourage modifying EIS solicitations during pandemic appeared first on FedScoop.

The coronavirus pandemic has “heightened” agencies’ awareness of their need to modernize information technology and modify telecommunications solicitations in light of the large-scale disruptions to everyday work, say federal officials.

The comments come as large agencies continue to plan for transitioning to the $50 billion Enterprise Infrastructure Solutions (EIS) telecom contract. In mid-March, the General Services Administration’s Federal Acquisition Service began working with agencies individually to determine what end-user devices they needed for telework and how telecom transitions were being affected.

“This is a chance for the agencies to take a look and see where there might be gaps in what they were rolling out and look to expand their EIS solicitations,” said Laura Stanton, who will take over as acting assistant commissioner of IT Category at FAS on Monday, during an AFFIRM webinar Thursday. “Agencies were in different places and were affected differently by COVID-19.”

Of the 19 agencies spending the most on telecom modernization, all plan to move to the EIS contract before legacy contracts expire in May 2023, according to the Government Accountability Office. While most task orders remain in agencies’ projected timeframes, a few have been delayed due to COVID-19, according to GSA.

Typical EIS adjustments

The most common changes agencies are making to solicitations include increasing bandwidth for voice and data networks to support telework, telemedicine, and distance learning; mobility services to support community response; security services to protect against evolving cyberthreats; cloud-based collaboration tools for workforce productivity; and contact center solutions for remote customer service agents, Mike Maiorana, senior vice president of federal public sector sales at Verizon, told FedScoop.

Some agencies continue to meet their needs with legacy Networx, Washington Interagency Telecommunications System (WITS) 3 and Schedule 70 contracts, Maiorana said.

“We have seen certain agencies delay EIS deadlines and/or decisions to focus more on the urgent matters at hand,” he said. “We have seen other agencies accelerate solicitations to use EIS as an enabler of technologies to assist their COVID-19 responses.”

The coronavirus has delayed the Small Business Administration’s EIS transition because the agency was in the process of a site audit when mandatory telework began. SBA wants to completely replace its wide area network and move to zero-trust networking, but site visits are now on hold, said Guy Cavallo, deputy chief information officer.

That doesn’t mean SBA ceased IT and cybersecurity upgrades with the pandemic though.

“In the middle of this, I think it’s a mistake for any agency to stop modernizing because we don’t know how long it’s going to be like this,” Cavallo said. “And the world is going to keep changing; the hackers are going to get better.”

SBA systems fended off foreign adversaries applying for coronavirus loans
https://fedscoop.com/sba-loan-systems-foreign-adversaries/ Thu, 04 Jun 2020 20:16:40 +0000

Users in North Korea, China and Russia applied for CARES Act loans intended for U.S. small businesses, the agency's deputy CIO says.

The post SBA systems fended off foreign adversaries applying for coronavirus loans appeared first on FedScoop.

Amid the Small Business Administration’s early struggles with its system for coronavirus relief loans, the agency was able to quickly identify and block North Korean, Chinese and Russian accounts making bogus applications, officials said Thursday.

The agency moved to the cloud three years ago but didn’t realize just how powerful its cloud cybersecurity tools were until it deployed them against foreign adversaries, said Guy Cavallo, deputy chief information officer, during an AFFIRM webinar Thursday.

“We’ll make an exception if there’s an American businessperson traveling abroad,” Cavallo said. “But our overseas warning, when we turned it on, went off like a Christmas tree.”

Those cybersecurity successes were a bright spot as the SBA quickly launched two systems in April to disburse funds from the Coronavirus Aid, Relief, and Economic Security (CARES) Act and other stimulus packages. One experienced outages and the other potentially exposed personally identifiable information.

The cloud system includes machine-learning technology that flags unusual activity in real time for SBA analysts to investigate and block. SBA also has run Trusted Internet Connections (TIC) and Continuous Diagnostics and Mitigation (CDM) pilots granting the deputy CIO “full visibility” into agency systems, Cavallo said. TIC policy is coordinated by the Office of Management and Budget, and the CDM program is run by the Department of Homeland Security.

SBA developed a portal for the Paycheck Protection Program (PPP), created by the CARES Act, within its E-Tran system. PPP provides forgivable loans of up to $10 million to keep small businesses’ workforces employed during the pandemic, but lenders applying on behalf of small business clients for the second round of loans complained of numerous outages.

The PPP portal timed out because it hadn’t been moved to the cloud, and the on-premise version couldn’t withstand the traffic, Cavallo said. When President Trump tweeted out the SBA.gov address, the site saw an 8,000% increase in hits within a minute.

“It was fine when we had normal traffic, but PPP was way overboard,” Cavallo said. “So we rebuilt and launched a new version in the cloud in five days.”

Developers pulled all-nighters, he added.

SBA will always have problems adjusting loan systems quickly to new requirements in coronavirus stimulus legislation, Cavallo said, but its investment in the cloud paid off.

“I would say that, as we’re flying the plane, we just changed it to SpaceX along the way,” Cavallo said.

Since the pandemic began, Cavallo has been allowed for the first time to hire cloud specialists from outside Washington, D.C., in cities like Chicago, Cincinnati and Dallas. The deputy CIO hopes that trend continues when quarantine lifts.

“In the past that was something we weren’t allowed to do,” Cavallo said. “And what that’s allowed me to do is pick people that don’t want to move to Washington, D.C. that have great skills that I could actually leverage virtually.”

SBA pushes forward with modernization under working capital fund
https://fedscoop.com/sba-modernization-working-capital-fund/ Tue, 02 Jun 2020 20:27:11 +0000

The SBA has a $6 million working capital fund it's using to support seven ongoing IT modernization projects.

The post SBA pushes forward with modernization under working capital fund appeared first on FedScoop.

The Small Business Administration is now actively using money from its IT working capital fund to support a variety of modernization efforts.

SBA is currently using $6 million in funding it didn’t spend in fiscal 2019 to support seven ongoing IT modernization projects, Deputy CIO Guy Cavallo said May 28 during an AFCEA Bethesda webinar.

Considering SBA’s annual total IT budget of $117 million, “it was a decent-sized chunk,” Cavallo said of the money in the fund.

SBA is one of the very few agencies that jumped at the opportunity lawmakers provided agencies under the Modernizing Government Technology Act to start IT working capital funds. The idea is that once Congress authorizes a fund, agency CIOs can save any unspent IT budget for modernization projects.

The MGT Act also created a central, governmentwide Technology Modernization Fund from which federal agencies can apply to take loans for modernization projects. The TMF has awarded a total of $90 million to seven distinct projects: two each at the U.S. Department of Agriculture and the General Services Administration, and one apiece at the departments of Energy, Housing and Urban Development, and Labor. More recently, lawmakers have proposed billions in funding for the TMF to support glaring modernization needs made obvious during the coronavirus pandemic.

But the SBA is probably too small to take advantage of the central TMF fund, said Cavallo, who is now one of SBA’s senior-most IT leaders after Maria Roat stepped away from the CIO role last month to become the deputy Federal CIO.

“You know, SBA being its size … if I was the [Department of Defense] or somebody I would have to go to the TMF and get the bigger box,” he said.

But by opting to use its own working capital fund, SBA gets the opportunity to manage that money at its own pace. It also helps to “break the agency out of the habit of in September, if there’s a lot of money that fell out because contracts didn’t come through, whatever, just buying hardware” simply to use up leftover funds or risk losing them, Cavallo said. “We wanted to be able to invest in legacy modernization and people.”

It wasn’t an easy path to get there, though. Cavallo echoed the struggles other CIOs have had: Despite the intent of the MGT Act to allow agency working capital funds, some agencies weren’t legally cleared to use them. “We discovered that we did not have the authority” to set one up, he said of the start of SBA’s journey.

Rep. Gerry Connolly, D-Va., one of the authors of the MGT Act, expressed his irritation about this fact last summer during an oversight hearing.

“One of the things we encountered was agencies saying, ‘Well, we’re creating a fund within our agency to be able to capture the savings effectuated in FITARA, but our lawyers are telling us we can’t use them. We can’t put money in them because that’s an appropriations function,’” Connolly said. He continued later, “Our view is — the law is the law. We passed the law. It’s quite clear what the intent is.”

In the SBA’s case, the CIO’s office worked with agency attorneys to clear things up.

The Department of Labor and the General Services Administration both had existing funds that fulfilled the intent of the MGT Act and have received the blessings of lawmakers, like Connolly, who have IT oversight. Other agencies like the departments of Education and Commerce have asked to stand up new funds and are committed to using them but still haven’t gotten the legal go-ahead to do so.
