The Telework Reform Act (S. 3015), introduced Thursday, also attempts to bolster the training and monitoring of those in federal telework positions. 

“By re-thinking how the government uses remote work, we are encouraging federal agencies to hire in diverse communities across the country; instead of requiring our workforce to be centralized in Washington, D.C.,” Lankford said in a statement. “We should allow both people to serve their nation and build a career.”

Sinema added that the legislation serves as a means to cut costs and boost “career opportunities by improving federal telework for Arizonans and military spouses who rely on telework to stay employed when moving due to military orders.”

The legislation seeks to permit federal agency directors to “noncompetitively appoint” veterans or people married to armed forces members and law enforcement officers to remote work positions. 

It also introduces multiple reporting requirements for agencies with regard to telework, including annual reviews and contingent renewals of remote work pacts between employees and supervisors, as well as mandated yearly trainings on best telework practices and supervisory reporting protocols.  

Additionally, the legislation calls on agencies’ chief human capital and chief financial officers, in conjunction with the director of the Office of Management and Budget and the General Services administrator, to deliver a report to Congress one year after the bill’s enactment on expected cost savings, productivity outcomes, needed cybersecurity and IT changes, which job classifications could benefit from remote-exclusive work, and how agencies could better coordinate with the Defense Department secretary on the recruitment of spouses for telework.  

Lankford and Sinema’s bill is a pivot from previous Senate efforts to curb pandemic-era telework practices within the federal government. In May, Sen. Marsha Blackburn, R-Tenn., and six Republican cosponsors introduced the Stopping Home Office Work’s Unproductive Problems (SHOW UP) Act, which sought to reverse all federal agencies’ COVID-19 telework policies. And in August, Sen. Joni Ernst, R-Iowa, asked the State Department’s acting inspector general to conduct an agency-wide review of “federal agencies abusing remote work on the taxpayer’s dime.”

The post Senate bill seeks to codify telework, boost recruitment of military and law enforcement spouses for remote jobs appeared first on FedScoop.

House Oversight Chairman, Rep. James Comer, R-Ky., Subcommittee on Government Operations and the Federal Workforce Chairman Pete Sessions, R-Texas., and Rep. Lauren Boebert, R-Colo., renewed their initial May request to Biden administration federal agencies regarding telework and remote work.

“One of two options is currently playing out: either federal agencies are withholding information from Congress or federal agencies are not tracking telework and remote work policies as required by the law,” said Comer, Sessions, and Boebert in letters to dozens of federal agencies. 

“Both possibilities are deeply concerning. The American people show up to work every day and federal agencies should follow their example. Committee Republicans remain steadfast in our pursuit of answers and if federal agencies continue to withhold this information, we will resort to compulsory measures,” the Congressman said.

The Republican lawmakers, in the latest missive, said the Biden Administration has not provided them current data about the specific amount of telework occurring within federal agencies or across the entire federal workforce and has provided “no evidence concerning the impact of elevated telework on agency performance.” 

GOP lawmakers have sought to investigate agencies’ varying approach to telework, and in January introduced the SHOW UP Act, which was intended to compel departments to return to their pre-pandemic telework policies. That legislation was introduced by Rep. James Comer, R-TN, Andy Biggs, R-Ariz., Byron Donalds, R-Fla., and Michael Cloud, R-Texas.

Furthermore, they cite a recent Government Accountability Office (GAO) study on federal building occupancy which suggests that in some components of federal agencies the vast majority of employees are not coming to the office on a regular basis, with some agencies reporting occupancy rates as low as nine percent.

Last week, President Biden called for his Cabinet to “aggressively execute” plans for federal employees to carry out more in-office work this fall after years of working remotely.

The post GOP lawmakers criticize federal agencies for failing to provide telework policy docs appeared first on FedScoop.

The government has struggled to compete for talent with technical skills in areas like artificial intelligence, and the pandemic increased remote work — prompting GSA to issue its request for information (RFI) on how leadership should handle such challenges.

GSA initially issued the RFI in December but has extended the deadline for consulting firms, universities, nonprofits, associations and companies to provide best practices, technology recommendations and optimization strategies to Jan. 27.

“We very much hope that potential respondents will view this RFI and virtual industry day request as a true civic opportunity to help significantly shape the government’s thinking about the federal workforce,” reads the RFI. “Additionally, for respondents considering whether to submit a response, this effort may yield other potential benefits, such as access to senior officials across government to showcase your organization’s expertise as part of the RFIs you submit.”

The RFI asks respondents to weigh in on improving hiring outcomes by attracting top talent and streamlining hiring processes; promoting diversity, equity, inclusion and accessibility; increasing career opportunities through upskilling and continuous learning; and other areas it may have missed.

Topics were selected by leaders within the White House, Office of Management and Budget, Office of Personnel Management, executive councils like the Chief Information Officers and Chief Data Officers councils, and other departments including Defense and Homeland Security.

The Presidential Management Council Working Group on Re-entry and the Future of Work, as well as the President’s Management Agenda (PMA) team, tailored the topics to the first pillar of the PMA.

While no direct procurement will come from the RFI, once responses are in GSA will begin Phase 3 of its governmentwide workforce outreach effort. Respondents will be selected to engage with leaders from the participating agencies in a series of sessions on their submissions and even demonstrate technologies — in what is being called a virtual reverse industry day — ideally in February. 

The post GSA wants public recommendations on future workforce policies and initiatives appeared first on FedScoop.

It’s hard to grasp the breadth and depth of decisions federal IT teams had to make to keep their agencies operating as the pandemic shut offices down, and teleworking went from option to necessity.

Arveen Kohli, Consulting Sales Leader, Federal, Dell Technologies

The adoption of cloud technologies certainly helped make the transition possible. It also demonstrated to federal officials just how this kind of environment could work, so it’s understandable that CIOs and CISOs want to build on that momentum.

However, in the rush to stand up cloud-based applications and remote connections for millions of federal workers, federal IT leaders now face a new phase of technology triage: the need to step back and reassess the long-term sustainability of the IT they put in place.

The sudden push to modernize agency infrastructure and implement solutions designed to support a work-from-anywhere workforce has put federal agencies in a strong position. But it also added a lot of ad hoc solutions into their digital environments, many of which may prove costly or problematic to maintain in the long run.

It’s not too soon, however, for IT leaders to confront a few critical questions: First, do they have a clear picture of what they own and what they’ve added? Second, do they have a longer-term view of what a sustainable IT portfolio looks like? And third, do they and their management teams have a roadmap for what’s required to strengthen their agency’s long-term IT resiliency and agility?

Put sustainability above solutions

Federal agencies have come a long way in determining which assets are operating on their networks and who’s using them. But sustainability can’t happen if you don’t continuously know what you have.

Some of the lessons we’ve learned supporting global enterprises include the realization that while most organizations conduct application profiling, or take the time to assess application dependencies, those efforts often don’t get beyond a stack of reports. The critical information they’ve spent time and money gathering in many cases doesn’t get put into practice. Consequently, organizations would be better served by moving towards a platform strategy that provides a real-time view of their operations.

The goal is to understand what percentage of your workloads are ready to move over to a public cloud; which should remain in a hybrid cloud environment; and which set of workloads will be most sustainable financially over time in those environments. Rationalizing applications and solutions may achieve shorter-term efficiencies. But in the long run, adaptability and agility are better achieved by choosing the right platforms.

Let strategy drive technology

Agency IT departments would also benefit from looking beyond their IT application and workload portfolios and reassessing how they operate and deliver services.

When it comes to long-term IT sustainability, it often makes greater sense to have IT departments functioning more as IT service brokers and providers, capable of matching internal and external needs with the most appropriate technologies, rather than as IT systems managers.

Again, the goal is to keep pace with innovation and adapt quickly to changing requirements. An agile IT service provider ecosystem encourages flexibility rather than equipment refreshes and application updates.

Today’s federal CIOs have a lot of options. By operating more as an IT services broker and fostering an ecosystem of providers who are familiar with an agency’s needs, CIOs can keep their options open, test multiple approaches concurrently, and ultimately serve their internal customers and the public more expeditiously. To foster a more sustainable and flexible future, CIOs should establish an operating environment in which strategy drives technology, rather than having technology drive strategy.

Bring people into the platform

Lastly, while financial considerations remain central to the technology decisions that government agencies make, agencies can’t march forward by pursuing a financial metric without also bringing their workforce along in the process.

Just as the strategy needs to drive the technology, agency leaders must pay greater attention to the impact that strategic technology shifts will have on their employees’ workflows and outcomes. As agencies push to gain greater technical agility, they must also ensure their people get the training they need to be successful.

Technology providers routinely talk about the need for creating an enterprise-wide, holistic view of an organization’s IT environment. The organizations that will excel the most will be those whose leaders create an environment in which people are as much a part of the platform as the technology. The success of those organizations and their CIOs, however, will depend in large part on putting long-term IT sustainability ahead of short-term technical solutions.

Learn more about how your organization can build a sustainable technology future from Dell Technologies.

The post Why CIOs need to reassess the sustainability of their pandemic IT fixes appeared first on FedScoop.

When the COVID-19 pandemic forced federal and state employees to work from home, the disruption went far beyond work routines. It also resulted in having to support not just central agency offices, but thousands of satellite offices as each employee’s home office essentially became a branch of government operations.

Tony Bardo, Assistant Vice President, Government Solutions, Hughes

Now — nearly two years later — as agencies look to embrace hybrid work as a more permanent fixture to their operations, officials also need to find more permanent solutions to ensure employees always have a reliable connection from their home offices. And for network engineers and IT leaders, that means viewing network resiliency through a different lens.

Currently, agencies are working with established managed IT service contracts that are set up to support a fully staffed office. That includes managing hardwired facilities with heavy doses of network fiber and dedicated access services in addition to contracts for IT help desk functions to assist workers with any connectivity and hardware issues that arise during work hours.

But hybrid work has, and will, change the network needs which are currently stipulated in managed service provider contracts. Employees need reliable broadband access to agency resources and the support of a help desk, even when they are working from home.

How network needs are changing

Consider the scenario of an employee’s internet connection going down. In an office, that employee would be able to call the help desk and resolve the problem fairly quickly. Today, without a managed service provider (MSP) contract written for a hybrid work scenario, if that individual’s internet connection goes down at home, the remote worker will have to call their commercial service provider to troubleshoot the issue. That also puts employees in the position of acting as their own IT desk support.

At the very least, that employee is down for an hour or more trying to resolve with their connection issues with the home network service provider. In the worst case, they could be offline several days as they wait for replacement equipment to arrive.

Instead of getting Enterprise Infrastructure Solutions (EIS) grade or Networx grade telecommunications service — with a service-level agreement (SLA) that spells out response parameters for restoring service — employees are at the mercy of their consumer-grade network service, who operate on their own schedules.

Fortunately, under the existing EIS contract, agencies can access funds to expand broadband to dispersed locations with infrastructure that supports residential homes. And by involving the EIS-prime provider — and their partners that already offer a network MSP to residences — agencies can begin to bridge the gap between home service and enterprise service with an appropriate SLA to ensure their provider responds within a set period to restore service.

Economies of scale for network modernization

In the broader scheme of IT and network modernization, government leaders have already started down a path that focuses more on cost-savings. For example, more agencies are using managed broadband networks — as opposed to fixed dedicated hardwired facilities. These new contracts have helped drive down costs for network management across agencies on an as-needed basis.

The good news is that broadband connections today are priced much more cheaply than the dedicated network connections and access connections that were tied to the original agency locations in the past. Service providers offer service plans that give agencies much more bandwidth for much lower prices, and the opportunity for agencies to save a lot of money. Those savings can be used to extend network services to employees’ homes.

To best take advantage of the economies of scale of extending broadband, I recommend including the managed service providers in the planning stages of redefining what a new MSP contract should look like. This can help leaders think about more strategic questions around network needs such as:

• How and when will employees return to, or work part of their week at, the office?
• Where will employees most likely be working and what network needs will best fit an evolving hybrid model?
• How will the agency use this new work structure to alter its real estate footprint?
• How will these changes impact the long-term view of each agency’s mission?

While the answers to the questions are still evolving, it is important to recognize that planning for a more hybrid work structure will demand a different approach to supporting current and future network demands. Fortunately, the expertise to help plan for those changes are already available through the EIS contract, and from the participating network and communications specialists on the EIS contract.

Learn more about how Hughes can help your agency consolidate network transport services into one single bill and put an end to managing various contracts and customer support channels.

The post How hybrid work will impact network needs for government agencies appeared first on FedScoop.

The document provides guidance on how agencies can configure data flows and apply TIC capabilities across three network security patterns: secure remote user access to a campus, agency-sanctioned cloud service providers, or the internet.

Originally released as Interim Telework Guidance responding to vendor requests for help aiding agencies during the pandemic in April 2020, the finalized use case aims to prevent against cyberthreats resulting from users’ ability to access resources from outside network boundaries.

“The Remote User Use Case helps agencies preserve security while they gain application performance (e.g., latency, throughput, jitter, etc.); reduce costs through reduction of private links; and improve user experience by facilitating remote user connections to agency-sanctioned cloud services and internal agency services as well as supporting additional options for agency deployment,” reads the document. “This use case is also intended to support policy enforcement parity for devices and connectivity options.”

More than 70 agencies, companies and trade organizations weighed in on the document.

Agencies may implement a subset of the three network security patterns or additional ones from a different use case. The other two available are the Traditional TIC and Branch Office use cases.

The document is intended to be used alongside the updated Security Capabilities Catalog and TIC overlays applicable to service providers. The Pilot Process Handbook was also finalized.

Zero trust and partner research and development use cases might also come in 2021, with infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), platform-as-a-service (PaaS) and email use cases already planned.

CISA is also working to finalize IPv6 Considerations for TIC 3.0 guidance, given the expanded cyberthreat landscape it presents. The draft version remains open for public comment through Friday.

The post CISA issues third TIC use case covering remote users appeared first on FedScoop.

GSA awarded a multi-award, indefinite-delivery, indefinite-quantity contract to five commercial co-working companies —WeWork, The Yard, LiquidSpace, Expansive and Deskpass — last month that will allow agencies to purchase flexible, temporary space from any of the companies.

The contract starts at one year and could go up to five, with a $10 million cap on spending with each of the five companies per year, according to terms of the procurement.

While the idea of such a contract makes sense now that the government has had to flex its teleworking muscle during the COVID-19 pandemic, GSA actually began planning it out in late 2019 before the coronavirus was really even known to be a threat to the U.S.

“Working beyond the confines of traditional government offices has become more common,” says a contract document from 2019. “Government employees are now commonly equipped with technological tools to work from anywhere. The freedom provided by technological advancements allows agencies to efficiently and flexibly pursue mission success through the utilization of employee mobility and telework.”

And with the federal government embracing telework more than it has in the past, and GSA hoping to shrink its footprint as the federal landlord, these co-working companies are looking to the federal government as a bright, new client — even outside of this contract. For instance, WeWork — one of the best known and most infamous commercial co-working companies in the world — now has an arm of its business dedicated to the federal government. Heading up that new branch for the company is Daniel Mathews, former commissioner of GSA’s Public Buildings Service under the Trump administration.

“The pandemic has fundamentally changed how work is approached, and now government agencies will have a tool to help employees succeed while saving costs,” WeWork CEO Sandeep Mathrani said in a statement. “The workplace of the future requires flexibility, and GSA should be applauded for innovating.”

The post GSA contract opens agencies to commercial coworking spaces appeared first on FedScoop.

The maritime service might not be conducting its needed weekly audits of the surveys it collects on who is teleworking, potentially clouding the picture of how many people need tech to support their connectivity outside of Coast Guard offices. Working with inaccurate data could lead to poor planning for future technical requirements and budgeting to support the Coast Guard’s IT, the report found.

“Coast Guard officials could not provide assurance or evidence that weekly audits purposefully designed to verify the accuracy and completeness of these data were being conducted,” the report states. “Without such assurance, the Coast Guard may be relying on inaccurate and incomplete information when making decisions that rely on these data, such as for assessing its operational readiness.”

The Coast Guard, a part of the Department of Homeland Security, also could not confirm how many telework agreements it had signed with employees and guardsmen, further obfuscating the telework picture. The GAO recommended the service remedy the situation by implementing plans to ensure everyone working remotely has a teleworking agreement, auditing telework survey data and put in place additional controls to ensure supervisors review telework agreements at least annually.

“GAO found that the Coast Guard lacks controls over telework documentation and its personnel data are not reliable,” the report stated.

Coast Guard officials want many employees and guardsmen to continue to telework for the foreseeable future, a prospect the GAO warns requires careful analysis of its telework data to ensure it has enough back-end tech to support.

Interviews the GAO conducted also showed that at the beginning of the pandemic, the service lacked bandwidth and laptops to support its staff working from home. Money from the CARES Act provided the Coast Guard with the needed equipment, but how it is being used and in what capacity is not apparent due to the lack of data audits on its telework surveys.

“During the pandemic, the Coast Guard has faced challenges in balancing the need to safeguard its personnel with its responsibility to continue missions and operations,” according to the report.

The Coast Guard has been on a “tech revolution” since 2020 to modernize its aging systems and migrate its tech to the cloud. Commandant Karl Schultz said the service needed to dig itself out of the ’90s to improve connectivity on both its cutters and offices ashore. During that time, the service has added Wi-Fi to some cutters and replaced outdated desktops with “two-in-one tablets.”

The post Coast Guard ‘lacks control’ over telework data, GAO finds appeared first on FedScoop.

Zvenyach said these new investments under the Federal Risk and Authorization Management Program (FedRAMP) will focus on automation, process improvements and additional resources to help plug gaps, as well as make agencies more aware of existing authorities to operate (ATOs).

FedRAMP approves secure cloud technologies for agencies’ reuse via ATOs. Onboarding new cloud service providers, however, carries significant costs, not only that of the initial authorization but also annual reassessments, significant change requests and continuous monitoring as well.

CSPs and CIOs regularly urge the FedRAMP Program Management Office to automate what processes they can to streamline onboarding, but investment hasn’t kept up with demand.

“As we add cloud service providers to FedRAMP, it ends up having a nonlinear cost,” Zvenyach said, during an ACT-IAC event.

TTS investments in automation, process improvements and additional resources will help plug gaps, as well as make agencies more aware of existing ATOs, he added.

The thousands of ATOs agencies already reuse save taxpayer dollars, improve security and lower vendors’ overhead costs.

TTS is collaborating with the FedRAMP PMO and Joint Authorization Board on process work, as well as the Federal CIO, CIO Council and Office of Management and Budget to ensure FedRAMP’s reciprocity with the Pentagon’s Cybersecurity Maturity Model Certification (CMMC) program. The Department of Defense‘s CIO office is already represented on the JAB, which makes things easier, Zvenyach said.

“This isn’t just a [General Services Administration] thing,” he said. “We really do need to have partnership.”

Tasked with improving the public’s digital experience with government, TTS is still responding to the pandemic, economic recovery, racial inequity and climate change in its work. Major investments are also being made to improve the security and usability of Login.gov, the government’s identity and authentication platform, Zvenyach said.

But now agencies including GSA also need to finalize return-to-office plans by July 19, as required by the Safer Federal Workforce Task Force.

Under Zvenyach’s leadership, TTS has adopted a “distributed-by-default” mindset.

“My experience is distributed by default is a better pattern than the hybrid approach,” Zvenyach said. “I think people should be distributed, or they should be in person. And we should try and think about how you use the best of each, rather than trying to blend them together.”

People working in person shouldn’t receive more benefits than those who opt not to, which, in turn, allows TTS to focus on outcome delivery and measuring success, he added.

To that end, TTS has invested in collaboration tools, restructured how it conducts meetings and rethought results measurement to enable employees to live across the country in a more equitable, accessible work environment.

One downside to a more distributed workforce is feedback is harder to come by, so Zvenyach set up an anonymous, digital feedback form.

“I really do read all of the comments that come in,” he said.

The post GSA making ‘significant’ investments to automate FedRAMP processes appeared first on FedScoop.

Peter Romness, Cybersecurity Principal, Cisco and Kurt Steege, CTO, ThunderCat

The pandemic proved to agency leaders that they can offer a more flexible work arrangement for government workers. But securing a remote and hybrid work environment for today — and tomorrow — requires greater attention to a holistic security strategy.

Flexibility built into both policies and the underlying IT infrastructure is one way that CIOs and CISOs can accommodate a new way of working. And what agency leaders should aim for is a near seamless and equitable work experience — whether from home or from the office.

The good news is that thanks to the investments many agencies made to use cloud infrastructure, IT leaders are now in a position to take advantage of more effective cloud security capabilities around data. That includes identity and access controls that can reduce agencies’ overall security risks in the years ahead.

Smart cloud decisions yesterday make today’s response possible

The immediate need during the pandemic was to adjust IT systems so that employees could work productively at home. Secondary to that, agency IT departments needed to make certain those systems were secure. Unfortunately, the traditional “checkbox approach” to securing systems is no longer enough to lessen the level of cyber risk agencies face today.

To build a holistic security strategy will take both time and money — for which there are many limitations for agencies.

The bright side is that we have seen how the Cloud First and Cloud Smart policies set by the last two administrations have paid off in big ways. In fact, the most notable successes to facilitating mission during the pandemic are coming from those organizations which have been leveraging their cloud investments.

The biggest change making a difference in security — more than any other security practice — is when organizations use cloud tools to implement dynamic and persona-based policies that control access to agency resources. It not only improves security. It also improves the user experience, by allowing people to view content in a way that helps them in their job — regardless of the location — without jumping through a variety of security hoops to make that happen.

To achieve those improvements, though, requires visibility across the network. From a data security standpoint that means understanding where your data is, how it is being used and accessed, how the network behaves and knowing what policies that have been built.

Investing in security for hybrid work environments

The future of work is poised to look very differently across both the government and private sectors now that leaders and employees alike have experienced many of the positive benefits of a flexible work environment.

One of the discussions we have been a part of with some of our customers is a thoughtful transition to a “30-40-30” office-home work model: 30% of an organization’s staff may never return to the office; 40% may go back to the office a few days a week; and the remaining 30% would most likely work full-time at the office.

To secure this new work model, our first recommendation involves matching policies with existing use cases. Even before you look at the security tools you plan to use, weaving together policies regarding identity and data will make the whole system run more smoothly and securely.

Our next recommendation — and often a sticking point when managing data security — is understanding appropriate levels of security classification and sensitivity. For agencies that work in a more classified or sensitive area, it’s easy to just classify everything the same. But it’s also important to look at the long-term needs of users. The good news is, dynamic policies make it easy to adjust the data classification to be more variable, depending on the user and type of data.

That ties into our third recommendation, which is identifying what you have. A lot of organizations don’t know where to start in this endeavor. The don’t know what data they have or where it is; they often don’t even know all the devices that are in their environment or what those devices are doing. Having an accurate inventory really matters.

The value of working with strong partners

While at the surface these recommendations may seem simple, the complexity of agencies’ enterprise network brings a lot of challenges. That is why we promote working with a strong integration partner to get the most from your existing security investments and lessen the burden of acquisitions for new tools.

The partnership between ThunderCat Technology and Cisco offers a great resource for agencies to integrate and automate Cisco’s security tools across agency networks because ThunderCat Technology has built a practice around Cisco’s suite of solutions.

Cisco brings a full range of tools that provide the strongest levels of visibility, flexibility and security. ThunderCat Technology, meanwhile, understands all the components operating across an agency’s systems, and can serve as a knowledgeable advisor for how to best develop a holistic security strategy across multiple vendors partners so everything works together.

Learn more about how ThunderCat Technology and Cisco can help your organization integrate a holistic security strategy.

The post Three recommendations to secure a hybrid workforce appeared first on FedScoop.