“THE OBSERVER” – NEUROSCIENCE By Neuroscientist Tali Sharot
“Human beings are inherently optimistic; therefore we believe the answer is out there and we will find it. We have all evolved as humans with an innate optimism. That optimism exists to a greater or lesser degree in us all.
The human mind has a terrific tendency to forget bad news and remember exactly the specific details of good news. That is so often the case with historical fact.”
“While the past few years have seen important advances in the neuroscience of optimism, one enduring puzzle remained. How is it that people maintain this rosy bias even when information challenging our upbeat forecasts is so readily available? Only recently have we been able to decipher this mystery, by scanning the brains of people as they process both positive and negative information about the future. The findings are striking: when people learn, their neurons faithfully encode desirable information that can enhance optimism but fail at incorporating unexpectedly undesirable information. When we hear a success story like Mark Zuckerberg’s, our brains take note of the possibility that we too may become immensely rich one day. But hearing that the odds of divorce are almost 1 in 2 tends not to make us think that our own marriages may be destined to fail.
Why would our brains be wired in this way? It is tempting to speculate that optimism was selected by evolution precisely because, on balance, positive expectations enhance the odds of survival. Research findings that optimists live longer and are healthier, plus the fact that most humans display optimistic biases — and emerging data that optimism is linked to specific genes — all strongly support this hypothesis. Yet optimism is also irrational and can lead to unwanted outcomes. The question then is, How can we remain hopeful — benefiting from the fruits of optimism — while at the same time guarding ourselves from its pitfalls?
I believe knowledge is key. We are not born with an innate understanding of our biases. The brain’s illusions have to be identified by careful scientific observation and controlled experiments and then communicated to the rest of us. Once we are made aware of our optimistic illusions, we can act to protect ourselves. The good news is that awareness rarely shatters the illusion. The glass remains half full. It is possible, then, to strike a balance, to believe we will stay healthy, but get medical insurance anyway; to be certain the sun will shine, but grab an umbrella on our way out — just in case.”
“DEFENSE NEWS” By: Venture capital community leaders
“How can the Pentagon best preserve its innovation base and develop the most competitive and advanced technologies? The answer is simple: Buy commercial. New and emerging defense startups — and our men and women in uniform — don’t need symbolic gestures.
What they need is concerted action to bring the latest and most advanced technologies — many of which are routinely used in industry — to dangerously antiquated defense weapons systems and internal IT infrastructure. This was true before COVID-19, it is true now and it will be true when the next crisis strikes.”
“The COVID-19 health crisis is quickly leading to an economic meltdown, throwing millions of Americans out of work and forcing strategic reevaluations across industries. The defense industry is no exception. We are praying for a swift end to the crisis, but its effects will linger, shaping the Pentagon’s priorities, organizational structure, military operations, logistics, supply chains and interactions with the defense-industrial base for years to come.
In the past few weeks, we have had numerous conversations with government officials about our venture and growth equity investments in the defense sector. These discussions have centered on the eligibility rules of the CARES Act’s Paycheck Protection Program and the risk of foreign capital seeking entry into defense technology startups desperate for investment in these trying times.
All too often the government has responded to crises by circling wagons around incumbent firms — the large prime contractors, whose political connections afford them bailouts in the name of “ensuring ongoing competition.” This process is already underway. After announcing its hope for a $60 billion relief package for the aerospace manufacturing industry, Boeing successfully lobbied for $17 billion worth of loans for firms “critical to maintaining national security.”
The CARES Act also announced provisions to streamline the Defense Department’s contracting process, which sounds promising, except for the fact that these provisions apply only to contracts worth over $100 million. This discriminates against smaller, more nimble innovators and providers of cutting-edge technology.
This isn’t how things have always been. After complaints about large horse dealers monopolizing military contracts during the Civil War, the government allowed quartermasters to purchase horses and mules from any dealer on the open market. In World War II, Congress created the Smaller War Plants Corporation, which awarded tens of thousands of contracts to small, competitive firms. Today, through innovative use of Small Business Innovation Research money, other transactional authorities, rapid work programs and the like, the Pentagon is certainly signaling interest in emerging technologies.
But let us be clear: We are not advocating continuing to invest larger dollar amounts into never-ending, short-term pilots and prototypes. The key to sustaining the innovation base through this crisis and any future crises is transitioning the best of these companies and products into real production contracts serving the day-to-day needs of the mission. Host tough, but fair competitions for new innovations, and then rapidly scale the winners.
America’s technological supremacy has afforded our country nearly a century of military hegemony, but it is not a law of nature. Sovereign states and peer competitors like Russia and China will quickly outpace us if we take our prowess for granted. We need new entrants into the defense industry more than ever, but without government support through crises like this one, the talent and capital simply won’t be there.
As the Department of Defense readily acknowledges, its mission is fundamentally changing. Breakthroughs in technological fields like artificial intelligence, autonomous systems, robotics, resilient networks and cyberwarfare mean that future conflicts will look nothing like those we have seen before. The DoD of tomorrow needs a fresh wave of technical expertise to understand and respond to these new kinds of threats.
That is not to say that legacy defense contractors are not needed; their expertise in large air and sea vehicles is currently unparalleled. But the expertise to build these new technologies resides in pockets of talent that the big and bureaucratic incumbents, who made their names with 20th century technology, lost access to decades ago.
The DoD has publicly exalted the importance of innovative defense startups for years. That is partly why we are so excited to invest capital into the defense sector at this moment in history. Silicon Valley has a chance to live up to its oft-ridiculed but sincere ambition to make the world a better place by investing in American national security.
However, we as venture capitalists and growth equity investors also have a duty to our limited partners who have entrusted us to invest and grow their capital. If we see the same old story of the government claiming to support small businesses but prioritizing its old incumbents, those investment dollars will disappear.
Times of rapid and unprecedented change, as COVID-19 has precipitated, also provide opportunities. The DoD and Congress can reshape budget priorities to put their money where their mouths have been and support innovative defense technologies. Each dollar awarded to a successful venture capital and growth equity-backed defense startup through a competitively awarded contract attracts several more dollars in private investment, providing the DoD significantly more leverage than if that same dollar was spent on a subsidy or loan to a large legacy contractor. This leverage of private capital means that every contract a startup receives accelerates by up to 10 times their ability to build technology and hire talent to support the DoD’s mission.
The bottom line is this: There’s no reason to let a health crisis today become a national security crisis tomorrow. The DoD has an opportunity to not only sustain but grow its innovation base, and give contracts, not lip service, to innovators. We, the undersigned, hope they do.”
The contributors to this commentary are: Steve Blank of Stanford University; Katherine Boyle of General Catalyst; James Cham of Bloomberg Beta; Ross Fubini of XYZ Capital; Antonio Gracias of Valor Equity Partners, who sits on the boards of Tesla and SpaceX; Joe Lonsdale of 8VC, who also co-founded Palantir; Raj Shah of Shield Capital, who is a former director of the U.S. Defense Innovation Unit; Trae Stephens of Founders Fund; JD Vance of Narya Capital; Albert Wenger of Union Square Ventures; Josh Wolfe of Lux Capital; Hamlet Yousef of IronGate Capital; and Dan Gwak of Point72.
“Government and contractors were unprepared for COVID-19 to so abruptly push so many employees to remote work. Even now, as businesses start to contemplate how to reopen their offices, the continued need for social distancing means many employees will be choosing or required to continue remote work for the foreseeable future. It’s a fundamental change in how organizations operate, fraught with inconsistencies, challenges and distractions.
Yet, while the pandemic is causing modifications and deviations to contracts and regulations, it will not serve as a “Get Out of Jail FREE” card. Government contractors must still comply with their contracts and protect government information.
What are the compliance implications of mass telework? Here are six questions to ask (and answer) to help you stay compliant while your employees are working remotely:
Are your telework policies and procedures up to date?
Resist the temptation to ignore telework policies that are suddenly impractical. In the absence of clear guidance, employees will be inconsistent in their behavior and performance. Take the guesswork out of the mix by updating and publishing revised policies. Provide clear, concise direction for what employees should do under current conditions (and new conditions, as government guidance evolves).
Is your IT infrastructure ready and secure?
A cyber-secure IT infrastructure built to support thousands of employees from a few offices will have vastly different loads and threats when most workers are suddenly piping in remotely. Is your VPN set up for the additional traffic? Do your security models and controls need to be adapted for the increased number of employees working remotely? Consider allowing access into the system for extended hours, so employees with family obligations have flexibility about when to do their work. Be sure your team fully appreciates the risks of relaxing some security controls (such as reducing keystroke monitoring) to improve your system’s responsiveness.
Do employees have the technology and guidelines to work securely from home?
Most employees will do their best to serve government customers and be productive, even if they don’t have the same technology at home as at work. But the bad guys in cyberspace are exploiting this crisis and are increasingly determined to test the security boundaries of governments, businesses and citizens. Some employee “best effort” behaviors could introduce unwanted compliance and security issues.
Remind employees of how to protect sensitive information at home. Re-publish policies about home network security, strong passwords, use of personal email accounts, unknown email attachments and other best practices. Consider home burn bags to store confidential papers until employees return to the office. Remind employees to disengage smart speakers in spaces where work-related conversations are happening. Use passwords and other added security measures for all video conferencing.
How are you managing and monitoring the productivity of remote workers?
Even veteran teleworkers have been disrupted by the sudden appearance of a spouse, children and/or roommates who are all competing for space, time, attention and internet bandwidth. Employees who are teleworking for the first time may have a home environment that is more casual, less vigilant, and filled with more distractions than an office setting.
It’s important, though, to proactively manage and document the work employees are doing. Be sure employees understand policies about work hours, time tracking and status updates. Share tips and expectations for productive and professional telework. Task your managers to understand obstacles their employees are facing – and to communicate clearly about whether any temporary job accommodations are approved. Then, closely monitor performance to ensure that you’re delivering on your contracts and billing the government appropriately for the completed work.
Are key employees cross-trained?
Anticipate that key personnel may become unavailable to perform mission-critical duties at some point in the pandemic. If you haven’t already, identify and cross-train employees who can step in should the need arise. Remember to obtain your customer’s approval of these key employees, so work can continue uninterrupted. Keep an updated and centralized list or database to consult as your situation changes.
Are you monitoring your procedures and controls, especially the updated ones?
When so much is new and changing, monitoring your controls is a must to ensure timely corrective actions and prevent material non-compliances. Periodically test your company compliance hotlines to verify that they are accessible, appropriately staffed and supported. Keep your governance program (board of directors and executive committees) active, engaged, and available to address anything that might go awry.
COVID-19 has created a remote working scenario that most government contractors never could have envisioned. While it’s different from anything we’ve experienced before, the government will not consider these changes an excuse for significant noncompliance. It is more challenging, but with planning, creativity and vigilance, companies, employees, and customers will be well served. In fact, you may find that some changes you make to accommodate the pandemic ultimately improve your operations and should endure after the crisis has resolved.”
“We all know that, at a minimum, proposals must be compliant and responsive. If a proposal meets this minimum bar, the evaluator is likely to award it an Acceptable rating. But what if, despite several rounds of color team reviews, the proposal barely meets this mark?
A Mediocre Proposal
We can assume that an Acceptable proposal will not win in a federal government competitive best value trade-off, unless other bidders also submit Acceptable proposals, and price is the determining factor.
Under the Federal Acquisition Regulation (FAR), government evaluators must make an award based on benefits offered by the proposer. Those benefits may include features of the proposed offering with proven benefits, or a low price, or some combination of the two. Still, unless the win strategy is based on a low bid, the goal of our color team reviews is to improve proposal quality. As a result, we would hope that our proposal rises from merely Acceptable to Good or even Outstanding as we move from Pink to Red to Gold Team.
However, we encounter situations where despite the best efforts of reviewers and writers, the proposal never rises above mediocre. Why did this happen? In the case of some recent reviews we at Lohfeld Consulting joined as consultants, there were too many reviewers with no training or direction, too many comments and too little consensus, too little time to recover between reviews, and an ill-defined solution.
A Compelling Solution is Rich in Strengths
Writers cannot create masterful text with no direction. Communicating the win themes to writers is not enough direction. Writers need annotated outlines and/or content plans with Strengths mapped to evaluation factors.
If the capture team did not work with subject matter experts and solution architects to craft a solution of merit, and/or failed to vet potential Strengths with customers, then the writers will not write about Strengths. The reviewers will therefore not find any Strengths. The proposal will therefore remain mediocre.
Ten Lessons Learned
The lessons learned below assume that the team has developed and vetted a solution rich in discriminating Strengths. Assuming there is a well-defined solution, here are ten lessons learned our team identified to improve color team reviews and proposal quality.
Types of Reviews: Not all color team reviews are created equal. Determine, up front, what type of color team reviews you will conduct and the purpose of each. We recommend that at least one group of reviewers act like a mock government source selection board to score and rate the proposal like the customer evaluation team. Every type of review should have discrete, well-defined roles that are clear and manageable.
Team Composition: Get the right people committed early and get the reviews on their calendars. Keep review team membership consistent across reviews. Involve proposal professionals in the review to inspect for quality of proposal writing tradecraft (including graphics). Also, involve independent reviewers who know nothing about the opportunity.
Training in the Art of Review: The right reviewers are trained reviewers. Make sure all the reviewers understand the proposal color team protocol. Set expectations for the reviews, provide agendas and scoresheets, and offer guidance/training on using automation, virtual proposal sites and/or evaluation tools.
Team Size and Review Duration: Size the review team and review duration to the proposal size and complexity. Ensure each reviewer has adequate time to review assigned sections. A good rule of thumb is 25-30 pages per day per reviewer. Ideally, two or more reviewers will review each assigned evaluation factor or proposal section for a complete picture.
Preparation: Ensure all review team members prepare in advance. Advance preparation includes reading the RFP, Q&A and amendments. The review team should also have access to the proposal manager’s compliance matrix and the capture manager’s win strategy. (If some reviewers are to act completely independent, do not provide the win strategy in order to see what a fresh pair of eyes finds).
Horizontal and Vertical: Review horizontally for cross-section consistency. Review vertically to determine if the proposal is compliant and responsive (Acceptable) as well as persuasive and compelling (Outstanding). Do reviews at multiple entry points in case customer evaluators review only one section or one evaluation factor.
Consensus: Review teams should have different roles. Some may be reviewing like a government evaluator. Others may be doing a compliance review. Still others may read the proposal for persuasiveness. No matter how you divide the roles, require each review team to provide a consensus out-brief including the proposal score or rating as well as perceived Strengths, Weaknesses, Deficiencies and Risks.
High Level Out brief: Avoid time wasting, long-winded out briefs. Instead keep the group out brief under an hour with a focus on a prioritized set of recommendations for improvement. Save details for one-on-ones with authors to speed recovery and improve quality.
Writer One-On-Ones: Too often, writers receive hundreds of comments and must fend for themselves during proposal recovery. Assign reviewers to fully brief the writers on consensus findings. Conduct iterative reviews before the next formal color team to ensure recovery is on track.
Lessons Learned: After proposal submission, conduct an internal lessons learned using a standard template. Which review processes worked, and which didn’t? Do you need more training in proposal solutioning, writing, and/or reviews? Develop and implement corrective actions as needed.
It All Begins with a Solution
Just write and solution later is the worst way to develop winning content. Yet, too often, reviewers are expected to evaluate proposal drafts that reflect the lack of a compelling solution. If you want color team reviews that work, solution before you write. Give writers effective templates and fully developed content plans with Strengths mapped to evaluation factors. Then, implement the ten lessons learned above, and see your color team reviews improve and win rates soar.”
“From supply chain, to acquisition, to automation, the federal response to COVID-19 is changing what IT means to agencies, according to several top federal IT managers.
As the pandemic grew and the Small Business Administration ramped up its telework efforts and surged its personnel and IT to support disaster and small business loan portals, the agency was told there were potential shortages of desktop and laptop computers and lagging supplies of peripheral devices such as mice and monitors, according to agency CIO Maria Roat. That shortage, however, didn’t slow the efforts down, as the General Services Administration and NASA’s SEWP contract had enough to support SBA’s efforts, she said, but it showed a potential problem.
With other agencies, including Health and Human Services and the Veterans Administration looking for similar IT gear, “the supply chain on the hardware side was stressed,” said Roat during an April 30 ACT IAC teleconference.
Cross-agency teamwork, she said, is a critical piece of such a huge response. SBA’s dozens of field offices, for instance, can now rely on IT support from GSA and Agriculture Department IT field personnel because of collaboration through the Federal CIO Council, according to Roat. “I haven’t used that yet,” she said, but it’s helpful to know the help is there.
In setting up its telework and loan platform efforts, Roat said SBA has leveraged software defined networking, collaborative technologies, such as Skype, and Microsoft Teams.
In support of the loan platforms, said Roat, SBA has turned up its Gigabit bandwidth on Ethernet backbone circuits to handle the traffic on the portals. The agency, she said, plans to add more capabilities, as well as hone existing capabilities in the coming weeks.
“We’re now getting ready for release five” of those portal efforts, she said. The agency will add additional features, such as chat boxes, a way to view active cases and additional workflow refinements, as well as additional personnel, she said.
The COVID-19 response, said Harrison Smith, deputy chief procurement officer, at the IRS, has shown the federal government needs faster, more responsive methods to get what it needs in times of crisis. The pandemic response has shown the traditional 12 to 36 month acquisition planning cycle “is not how we need to do things,” he said.
COVID-19 “has underscored the need for us to move ahead in a more agile manner” but also balance that quicker capability with responsible spending, he said.
That could mean making a way for agencies to shift to more creative ways of getting things on the fly, possibly forgoing interagency agreements for say, shared services, for instance, according to Smith.
GSA, said Beth Killoran, the agency’s deputy CIO, is learning to leverage drones, data analytics and virtual capabilities to handle more of its federal building management duties. The agency is using geotagged images to track contractors’ construction or repair work on its buildings, to save local and federal building inspectors from having to make a trip to sites, she said. The agency is tasking drone aircraft to do exterior building inspections, as well. GSA has also tapped public data of COVID-19 hotspots at federally-owned medical facilities, to inform where its cleaning crews can safely do their work.
Modernized IT, said Roat, Killoran and Smith, is key to responding to such a huge crisis. The workforces at GSA, SBA and IRS, they said, have adapted quickly to telework because they had begun to move toward telework before the crisis.
House lawmakers previously proposed a $3 billion bump for the Technology Modernization Fund in a COVID-19 bill that ultimately went nowhere, but future additions are possible. Roat, who is on the TMF board that approves projects for funding, said it’s unclear if any new funding will be approved.
SBA, she said, spent 50 intense days planning and executing a plan to implement IT to support public-facing portals and services for COVID-19 response.
“From where I sit, I’d bet other agencies are doing the same” reflection on how to move ahead from here, she said. “How would we use that $3 billion to look at the bigger picture?” Should it concentrate on shared services, she wondered. “Everyone is at home right now. Everyone is digital. We need to ramp up our digital citizen interaction.”
“The Department of Defense is racing to test and adopt artificial intelligence and machine learning solutions to help sift and synthesize massive amounts of data that can be leveraged by their human analysts and commanders in the field. Along the way, it’s identifying many of the friction points between man and machine that will govern how decisions are made in modern war.
The Machine Assisted Rapid Repository System (MARS) was developed to replace and enhance the foundational military intelligence that underpins most of the department’s operations. Like U.S. intelligence agencies, officials at the Pentagon have realized that data — and the ability to speedily process, analyze and share it among components – was the future. Fulfilling that vision would take a refresh.
“The technology had gotten long in the tooth,” Terry Busch, a division chief at the Defense Intelligence Agency, said during an Apr. 27 virtual event hosted by Government Executive Media. “[It was] somewhat brittle and had been around for several decades, and we saw this coming AI mission, so we knew we needed to rephrase the technology.”
The broader shift from manual and human-based decision-making to automated, machine-led analysis presents new challenges. For example, analysts are used to discussing their conclusions in terms of confidence-levels, something that can be more difficult for algorithms to communicate. The more complex the algorithm and data sources it draws from, the trickier it can be to unlock the black box behind its decisions.
“When data is fused from multiple or dozens of sources and completely automated, how does the user experience change? How do they experience confidence and how do they learn to trust machine-based confidence?” Busch said, detailing some of the questions DOD has been grappling with.
The Pentagon has experimented with new visualization capabilities to track and present the different sources and algorithms that were used to arrive at a particular conclusion. DOD officials have also pitted man against machine, asking dueling groups of human and AI analysts to identify an object’s location – like a ship – and then steadily peeling away the sources of information those groups were relying on to see how it impacts their findings and the confidence in those assertions. Such experiments can help determine the risk versus reward of deploying automated analysis in different mission areas.
Like other organizations that leverage such algorithms, the military has learned that many of its AI programs perform better when they’re narrowly scoped to a specific function and worse when those capabilities are scaled up to serve more general purposes.
Nand Mulchandani, chief technology officer for the Joint Artificial Intelligence Center at DOD, said the paradox of most AI solutions in government is that they require very specific goals and capabilities in order to receive funding and approval, but that hyper-specificity usually ends up being the main obstacle to more general applications later on. It’s one of the reasons DOD created the center in the first place, and Mulchandani likens his role to that of a venture capitalist on the hunt for the next killer app.
“Any of the actions or things we build at the JAIC we try to build them with leverage in mind,” Mulchandani said at the same event. “How do we actually take a pattern we’re finding out there, build a product to satisfy that and package it in a way that can be adopted very quickly and widely?”
Scalability is an enduring problem for many AI products that are designed for one purpose and then later expanded to others. Despite a growing number of promising use cases, the U.S. government still is far from achieving the desired end state for the technology. The Trump administration’s latest budget calls for increasing JAIC’s funding from $242 million to $290 million and requests a similar $50 million bump for the Defense Advanced Research Projects Agency’s research and development efforts around AI.
Ramping up the technology while finding the appropriate balance in human/machine decision-making will require additional advances in ethics, testing and evaluation, training, education, products and user interface, Mulchandani said.
“Dealing with AI is a completely different beast in terms of even decision support, let alone automation and other things that come later,” he said. “Even in those situations if you give somebody a 59% probability of something happening …instead of a green or red light, that alone is a huge, huge issue in terms of adoption and being able to understand it.”
Waiting for a contract award to achieve a government contracting business process is not advisable. A win may not happen at all without addressing the structure and process requirements in your proposal to convince the customer you understand his business environment.
If you are not prepared in advance and you are fortunate enough to win, then in a very short time frame you will have to evolve your business system to perform on your contract and submit a billing.
This article will discuss a framework for a small enterprise to develop a business system in service contracting, which is the most frequent venue utilized to enter the government market.
The above diagram depicts the major elements of a suggested integrated template.
If you are a small startup organization, your process and automation may be quite rudimentary and simple in addressing the above structure and functions. If your company is in a high growth mode with many transactions, projects and details your processes and computerization will be more complex.
The point to remember is the need to overlay the above on your existing company for the unique products and services you provide, and then address how to fit, supplement, or accommodate the necessary adjustments to support contracting to the government.
Please read the following articles on the highlighted topics for details that may assist in evolving your unique business processes to support government contracting:
Remember, small business federal government contracting is not rocket science – it is taking what you do well in the commercial environment and applying it in a slightly different manner from a business perspective to accommodate the way the federal government does business.”
“First, and always foremost, make sure your profile is up-to-date and fully represents what you do and who you do it for. An out-of-date or incomplete profile will probably cost you business instead of helping you win business. LinkedIn is the top venue for vetting professionals in our market, so present yourself well.
Second, find things to share. As you’re reading the GovCon trade media, listening to podcasts or reading blogs, find things that are worthy of sharing, things that your connections will find interesting and useful. I share events, podcasts (like Nick Wakeman’s Project 38 or Amtower Off Center), contract updates and more. And of course I will be sharing this article when it runs.
Third, reach out to key accounts. Touch base with all of your connections and look for new connections to make in those accounts. When I am reaching out to new people in a company I am working with, or want to work with, one thing I always do is see who our “shared connections” are. If you share twenty+ connections with someone, that may be worth noting when you reach out. I have people with whom I share over 1,000 connections. Steve Cooper (yes, that Steve Cooper) and I share 1,328 connections.
Fourth, there are a lot of soft touches that you can make through scanning your Notifications page. There are always people who have changed companies, moved up in their current company, have birthdays, and more. For each of these I look at their profile before I send anything. I look to see who else I know at the company and glean anything I can to help me formulate a more personal message rather than simply send “Happy birthday” or “Congrats on the new job.” The more personal it is, the more memorable you become.
For example, a friend of mine just got a new position with a government contractor and I happen to know five other people at that company. So in my congratulatory message I referenced knowing these people and offering to do an introduction. In normal times this might not be necessary, but during the stay at home situation, she may not meet these people for a while. I’ve worked with this woman before and I know she’s extremely competent in what she does so in my introductions to the other people I know I have a high degree of confidence in saying “you just added a great person to your team.”
Fifth, scroll through your homepage to see what other people in your network are doing. This is like a Twitter feed and the more active your network is the more information will be there in real time. So scroll through and look for things that you can comment on, or congratulate people for, or otherwise acknowledge in some meaningful way.
LinkedIn offers you a 24/7/365 way of staying in touch with your 1st degree network. In our current stay-at-home environment this is extremely important.
These are some tip of the iceberg social selling techniques that I have been using and coaching my clients on for several years. They are especially effective at helping you stay top of mind in difficult times.”
“We face difficult times ahead, with challenges at a scale that few, if any of us, have encountered in our lives. And ready or not, we’re going to need IT modernization with an urgency agencies had not experienced before.
A common three-phase cycle – the “three Rs”: Response, Recovery and Restructure.”
“Roughly every 10 years for the last five decades, the federal government has had to deal with major crises ranging from economic to terrorist to pandemic. We now face the novel COVID-19 pandemic, and it has presented CIOs at all levels of government with unprecedented challenges to respond to the critical needs of the country.
Having worked in the Office of Management and Budget, as a congressional committee staff member and in industry during previous crises, I have noted a common three-phase cycle always happens, which I’ll refer to as the “three Rs”: Response, Recovery and Restructure. The cycle plays out this way:
Response: Chaotic triage activity always seems to overwhelm even the best continuity-of-operations plans and key mission-critical programs needed to get benefits and assets to those most in need.
Recovery: When the situation stabilizes, agency officials can take a breath and figure out how to bring order out of chaos, taking advantage of OMB M-20-21 guidance to address multiple audits of actions taken in the heat of crisis.
Restructure: Audits and reports lead to new agencies, reorganizations and programs to make sure the country never has to experience the same crisis again (e.g., creation of the Department of Homeland Security based on the 9-11 Commission report).
Recovery and Restructure activities during the 21st century have increased major technology spending (33% after 9-11, about 10% after the housing crisis) before flattening. Recovery and Restructure phases from COVID-19 necessarily require increased technology spending and may even radically restructure the government.
With the Response-phase activities related to our current crisis underway, let’s focus on the Recovery Phase. Stated simply, the Recovery phase will be substantially more expensive and less effective if the government does not make a major investment in today’s digital government tools and techniques. In fact, with the massive volume of transactions and data generated in the COVID-19 response, CIOs will have to help agency leaders recognize the need for cloud computing, big data analytics and artificial intelligence/machine learning to meet the historic challenges.
Here are four areas where the government must apply digital government tools:
Administering grants and loans: Without the help of large-scale data analytics and algorithms and the ability to integrate citizen-sourced fraud and abuse insights, it will be extremely difficult to manage risk and achieve performance goals. Traditional ways of sampling won’t work for the sprawling, multi-trillion dollar COVID-19 Recovery phase.
Logistics accounting: Jerry-rigged supply chains for emergency resources will now have to be quantified and recorded against budgets. The government will face two options: It can either write off losses it cannot account for, or it can apply records management, e-discovery and robotics tools to quantify spending by funding source. Twenty years ago, it would have been impossible to pull together the information needed to understand this history. This is important for the government to better manage its response to the next crisis – as well as answering congressional inquiries that will inevitably follow for years to come.
Financial and performance management required under OMB M-20-21: Aging financial management systems and longstanding system interface issues will make it difficult to reconcile expenditures and obligations related to coronavirus. A look at the last couple years’ financial audits shows gaps in controls and systems capabilities. To manage trillions of dollars of stimulus and public health spending, agencies will need extensive investment in open application programming interfaces, robotics and AI or overhaul their modern financial systems.
Home-based federal workforce: Government cannot go back to an operating model based on 25% of people teleworking on any day. I was once told that to understand how government can best leverage technology requires understanding information flows in daily operations. People, processes and technology will have to reflect a virtual workforce, requiring workflows shifting from documents and consensus to fact-based decision-making and accountability for results. Government will need to deploy a tiered digital architecture to untether people from their desks, leveraging cloud and virtualization techniques with a mixture of open standards, APIs and chunking of databases and legacy code into interoperable modules.
So what makes this the most challenging time for CIOs? The biggest horror stories are already baked into program offices that resisted help from the CIO or where the CIO organization was unable to fix systems needed for the COVID-19 response. If not already a partner in the Response phase, it will be very difficult for the CIO team to be the source of digital transformation needed in the Recovery phase. In the past, agency leaders replaced their IT leadership team and contractors.
We face difficult times ahead, with challenges at a scale that few, if any of us, have encountered in our lives. And ready or not, we’re going to need IT modernization with an urgency agencies had not experienced before.”
“As quarantines and self-isolation guidelines have taken hold, not everyone has workstations or agency-issued laptops with card readers at home, leaving some feds and contractors with no easy way to fulfill the government’s primary identity and access requirement.”
“The coronavirus outbreak has shuttered federal office buildings and sent employees to work from home. While most expect those facilities to eventually reopen, the shift to telework is changing how agencies and contractors conduct identity and access management.
The decades-long dominance of Personal Identity Verification (PIV) and Common Access Cards (CAC) as the preferred method to regulate employee access to physical and IT resources may be coming to an end.
According to a January 2020 estimate from the National Institute of Standards and Technology, the federal government and its base of contractors combined use nearly 5 million PIV cards. Digital security contractor Gemalto, which makes smart cards, estimates that the Department of Defense has approximately 4.5 million CAC cards in use at any given time.
Civilian agencies and the military are scrambling to purchase new computers and equipment, but they are competing with private industry and other organizations for limited supplies. The Army recently cited impending supply chain shortages to process an immediate sole source purchase of 200 Dell ruggedized laptops and docking stations that will “allow government workers to telework to avoid exposure to the potential COVID-19 while still completing the mission.” Other agencies like the Department of the Interior have made similar purchases.
“Every day that passes confirmed COVID-19 cases spike and the death toll increases,” the Army wrote in an April 10 justification. “It is imperative that these [notebooks] are obtained as quickly as possible to protect public health.”
Jeremy Grant, a coordinator with the Better Identity Coalition, a non-profit advocacy organization made up of companies across the financial, health care, telecommunications, payments and security sectors, said adjusting to the new reality has been particularly problematic for the federal government.
“On the government side, it’s definitely presenting some special challenges, given that while it’s a great model and very secure, everything about the PIV is premised on this very robust in-person identity and proofing process,” said Grant, a former senior executive advisor to NIST, in an interview. “The challenge has been that we built this policy assuming you can always have this in-person process. Now that it’s not feasible, what are you supposed to do to make things secure?”
Further, new hires normally go through a thorough onboarding process to obtain their cards that often includes in-person interactions to collect biometrics like fingerprints for their PIV credentials. In a March 25 memo, the Office of Personnel Management noted that many of the federal, state and local offices that vet newly hired government employees are “temporarily closed” due to the coronavirus outbreak, making it difficult or impossible to fulfill FBI requirements for fingerprints to process background investigations and criminal history checks.
The memo advises agencies to use a number of alternatives during the crisis, such as deferring the fingerprint collection, delaying the final reporting and adjudication of a new employee’s background investigation or conducting temporary identity proofing through remote tools like video link, fax or email. New hires that are vetted under the interim guidance will be required to undergo in-person identity-proofing when their agency returns to full capacity.
Just when that will be is the subject of much debate and speculation from epidemiologists and health experts, who have offered a wide range of estimates for when the world can expect to safely return to offices and resume group gatherings. Some experts have predicted the status quo could hold until next year or even 2022 if a new vaccine isn’t discovered quickly. That has some cybersecurity and tech companies predicting a broader shift in the global economy where remote work — and all its implications — could be here to stay.
“BYOD is now the reality and will continue to be in the future, because I don’t think we’re going back to that type of work environment that we used to be in,” said Greg Touhill, former federal CISO and current president of AppGate, during an April 15 webinar hosted by Billington CyberSecurity.
Duo Security, which makes and sells remote access tools, is betting that governments and private industry will use the crisis to restructure the way they conduct identity and access management — moving away from physical access cards and toward solutions that allow workers to use their personal devices. Most organizations, the company’s Advisory CISO Sean Frazier said in an interview, are looking for quick and easy ways to “keep the lights on” and ensure business continuity in the wake of the sudden switch.
“I think the PIV card of … 16 years ago when it came out was a really good idea, but we’ve kind of moved on from it from the perspective of agility,” said Frazier. “It’s not necessarily the easiest technology to ramp up quickly. So for example if you have some kind of event where all of a sudden your workers are remote and they’re working from home using personal technology, it was really never designed for that. People are right now kind of scrambling and looking for comparable controls.”
Frazier’s boss, Head of Advisory CISOs Wendy Nather, warned that organizations aren’t setting up their remote infrastructure for the long haul.
“A lot of organizations are thinking that this is a temporary aberration, and so when they put in an infrastructure to enable remote working they’re putting in the fastest and cheapest thing they can find and they figure they’ll just pull it back later when this is over,” she said. “We don’t know when this will be over. Even if it is over, we don’t know how many employees are going to be willing to come back into the office.”
Nather said agencies should also be increasing physical security to protect IT and other assets at their now largely empty office buildings and facilities. The Department of Veterans Affairs, for example, recently purchased new PIV card readers for one of its medical centers in Kansas City, Kan., and has cited the pandemic in multiple emergency procurements for security services to prevent unauthorized access to VA facilities during the COVID-19 outbreak.
Agencies that have historically avoided modernizing their IT and security infrastructure to handle large numbers of remote employees must now rush to implement ad-hoc protocols and purchase equipment to ensure their employees can access agency systems. The Department of Health and Human Services put out a special notice April 16 detailing an urgent COVID-related requirement for a multi-factor authentication and identity assurance solution that can provide remote access to agency resources.
“There’s a lot of employees who were never approved for remote working. Now they’re signing in through their personal devices,” Grant said. “What information do you let them access? Odds are their home device is not going to have a smart card reader built in, so how do you build in some multifactor authentication?”
There are a number of ideas to bridge the access gap in the short term, from implementing new multifactor authentication processes, using app-based solutions, leveraging one-time passwords or even purchasing and distributing Yubikeys and other authentication hardware to agency personnel. Another option could be a larger move to rely more on authenticators that are already embedded in many of today’s commercial computers and phones, allowing employees to use their personal devices to verify their identity.
Shifting your organization’s security mindset to protecting data, not devices, could also help.
“Yes, [employees] may use their own personal technology but I as a business or agency still have to protect my data, so I’ve got to make sure that if they’re coming in with a personal device, I know that device’s software is up to date, that encryption is turned on, that they’re using enabled biometrics so I can provide identity … comparable to what a PIV might provide,” said Frazier.”